public final class HtmlPolicyBuilder.AttributeBuilder
extends java.lang.Object
Modifier and Type | Method | Description |
---|---|---|
HtmlPolicyBuilder |
globally() |
Allows the given attributes on any elements but filters the
attributes' values based on previous calls to
matching(...) . |
HtmlPolicyBuilder.AttributeBuilder |
matching(boolean ignoreCase,
java.lang.String... allowedValues) |
Restrict the values allowed by later
allow* calls to those
supplied. |
HtmlPolicyBuilder.AttributeBuilder |
matching(boolean ignoreCase,
java.util.Set<? extends java.lang.String> allowedValues) |
Restrict the values allowed by later
allow* calls to those
supplied. |
HtmlPolicyBuilder.AttributeBuilder |
matching(com.google.common.base.Predicate<? super java.lang.String> filter) |
Restrict the values allowed by later
allow* calls to those
matching the given predicate. |
HtmlPolicyBuilder.AttributeBuilder |
matching(java.util.regex.Pattern pattern) |
Restrict the values allowed by later
allow* calls to those
matching the pattern. |
HtmlPolicyBuilder.AttributeBuilder |
matching(AttributePolicy attrPolicy) |
Filters and/or transforms the attribute values
allowed by later
allow* calls. |
HtmlPolicyBuilder |
onElements(java.lang.String... elementNames) |
Allows the named attributes on the given elements but filters the
attributes' values based on previous calls to
matching(...) . |
public HtmlPolicyBuilder.AttributeBuilder matching(AttributePolicy attrPolicy)
allow*
calls.
Multiple calls to matching
are combined so that the policies
receive the value in order, each seeing the value after any
transformation by a previous policy.public HtmlPolicyBuilder.AttributeBuilder matching(java.util.regex.Pattern pattern)
allow*
calls to those
matching the pattern.
Multiple calls to matching
are combined to restrict to the
intersection of possible matched values.public HtmlPolicyBuilder.AttributeBuilder matching(com.google.common.base.Predicate<? super java.lang.String> filter)
allow*
calls to those
matching the given predicate.
Multiple calls to matching
are combined to restrict to the
intersection of possible matched values.public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase, java.lang.String... allowedValues)
allow*
calls to those
supplied.
Multiple calls to matching
are combined to restrict to the
intersection of possible matched values.public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase, java.util.Set<? extends java.lang.String> allowedValues)
allow*
calls to those
supplied.
Multiple calls to matching
are combined to restrict to the
intersection of possible matched values.public HtmlPolicyBuilder globally()
matching(...)
.
Global attribute policies are applied after element specific policies.
Be careful of using this with attributes like type
which
have different meanings on different attributes.
Also be careful of allowing globally attributes like href
which can have more far-reaching effects on tags like
<base>
and <link>
than on
<a>
because in the former, they have an effect without
user interaction and can change the behavior of the current page.public HtmlPolicyBuilder onElements(java.lang.String... elementNames)
matching(...)
.Copyright © 2019 OWASP. All rights reserved.