Package org.owasp.html
Interface AttributePolicy
-
- All Known Subinterfaces:
AttributePolicy.JoinableAttributePolicy
- All Known Implementing Classes:
FilterUrlByProtocolAttributePolicy
public interface AttributePolicy
A policy that can be applied to an HTML attribute to decide whether or not to allow it in the output, possibly after transforming its value.- Author:
- Mike Samuel ([email protected])
- See Also:
HtmlPolicyBuilder.AttributeBuilder.matching(AttributePolicy)
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
AttributePolicy.JoinableAttributePolicy
An attribute policy that is joinable.static class
AttributePolicy.Util
Utilities for working with attribute policies.
-
Field Summary
Fields Modifier and Type Field Description static AttributePolicy
IDENTITY_ATTRIBUTE_POLICY
An attribute policy that returns the value unchanged.static AttributePolicy
REJECT_ALL_ATTRIBUTE_POLICY
An attribute policy that rejects all values.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description String
apply(String elementName, String attributeName, String value)
-
-
-
Field Detail
-
IDENTITY_ATTRIBUTE_POLICY
static final AttributePolicy IDENTITY_ATTRIBUTE_POLICY
An attribute policy that returns the value unchanged.
-
REJECT_ALL_ATTRIBUTE_POLICY
static final AttributePolicy REJECT_ALL_ATTRIBUTE_POLICY
An attribute policy that rejects all values.
-
-
Method Detail
-
apply
@Nullable String apply(String elementName, String attributeName, String value)
- Parameters:
elementName
- the lower-case element name.attributeName
- the lower-case attribute name.value
- the attribute value without quotes and with HTML entities decoded.- Returns:
null
to disallow the attribute or the adjusted value if allowed.
-
-