Package org.owasp.html

Class Sanitizers

java.lang.Object

org.owasp.html.Sanitizers

public final class Sanitizers
extends java.lang.Object

Pre-packaged HTML sanitizer policies.

These policies can be used to sanitize content.

   Sanitizers.FORMATTING.sanitize("<b>Hello, World!</b>")
 

and can be chained

   PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
   System.out.println(sanitizer.sanitize("<p>Hello, <b>World!</b>"));
 

For more fine-grained control over sanitization, use HtmlPolicyBuilder.

Author:

Mike Samuel ([email protected])

Field Summary

Fields

Modifier and Type	Field	Description
static PolicyFactory	BLOCKS	Allows common block elements including <p>, <h1>, etc.
static PolicyFactory	FORMATTING	Allows common formatting elements including <b>, <i>, etc.
static PolicyFactory	IMAGES	Allows <img> elements from HTTP, HTTPS, and relative sources.
static PolicyFactory	LINKS	Allows HTTP, HTTPS, MAILTO, and relative links.
static PolicyFactory	STYLES	Allows certain safe CSS properties in style="..." attributes.
static PolicyFactory	TABLES	Allows common table elements.

Method Summary

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FORMATTING

public static final PolicyFactory FORMATTING

Allows common formatting elements including <b>, <i>, etc.

BLOCKS

public static final PolicyFactory BLOCKS

Allows common block elements including <p>, <h1>, etc.

STYLES

public static final PolicyFactory STYLES

Allows certain safe CSS properties in style="..." attributes.

LINKS

public static final PolicyFactory LINKS

Allows HTTP, HTTPS, MAILTO, and relative links.

TABLES

public static final PolicyFactory TABLES

Allows common table elements.

IMAGES

public static final PolicyFactory IMAGES

Allows <img> elements from HTTP, HTTPS, and relative sources.