Package org.owasp.html
Class HtmlPolicyBuilder.AttributeBuilder
- java.lang.Object
-
- org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
-
- Enclosing class:
- HtmlPolicyBuilder
public final class HtmlPolicyBuilder.AttributeBuilder extends Object
Builds the relationship between attributes, the values that they may have, and the elements on which they may appear.- Author:
- Mike Samuel
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description HtmlPolicyBuilder
globally()
Allows the given attributes on any elements but filters the attributes' values based on previous calls tomatching(...)
.HtmlPolicyBuilder.AttributeBuilder
matching(boolean ignoreCase, String... allowedValues)
Restrict the values allowed by laterallow*
calls to those supplied.HtmlPolicyBuilder.AttributeBuilder
matching(boolean ignoreCase, Set<? extends String> allowedValues)
Restrict the values allowed by laterallow*
calls to those supplied.HtmlPolicyBuilder.AttributeBuilder
matching(com.google.common.base.Predicate<? super String> filter)
Restrict the values allowed by laterallow*
calls to those matching the given predicate.HtmlPolicyBuilder.AttributeBuilder
matching(Pattern pattern)
Restrict the values allowed by laterallow*
calls to those matching the pattern.HtmlPolicyBuilder.AttributeBuilder
matching(AttributePolicy attrPolicy)
Filters and/or transforms the attribute values allowed by laterallow*
calls.HtmlPolicyBuilder
onElements(String... elementNames)
Allows the named attributes on the given elements but filters the attributes' values based on previous calls tomatching(...)
.
-
-
-
Method Detail
-
matching
public HtmlPolicyBuilder.AttributeBuilder matching(AttributePolicy attrPolicy)
Filters and/or transforms the attribute values allowed by laterallow*
calls. Multiple calls tomatching
are combined so that the policies receive the value in order, each seeing the value after any transformation by a previous policy.
-
matching
public HtmlPolicyBuilder.AttributeBuilder matching(Pattern pattern)
Restrict the values allowed by laterallow*
calls to those matching the pattern. Multiple calls tomatching
are combined to restrict to the intersection of possible matched values.
-
matching
public HtmlPolicyBuilder.AttributeBuilder matching(com.google.common.base.Predicate<? super String> filter)
Restrict the values allowed by laterallow*
calls to those matching the given predicate. Multiple calls tomatching
are combined to restrict to the intersection of possible matched values.
-
matching
public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase, String... allowedValues)
Restrict the values allowed by laterallow*
calls to those supplied. Multiple calls tomatching
are combined to restrict to the intersection of possible matched values.
-
matching
public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase, Set<? extends String> allowedValues)
Restrict the values allowed by laterallow*
calls to those supplied. Multiple calls tomatching
are combined to restrict to the intersection of possible matched values.
-
globally
public HtmlPolicyBuilder globally()
Allows the given attributes on any elements but filters the attributes' values based on previous calls tomatching(...)
. Global attribute policies are applied after element specific policies. Be careful of using this with attributes liketype
which have different meanings on different attributes. Also be careful of allowing globally attributes likehref
which can have more far-reaching effects on tags like<base>
and<link>
than on<a>
because in the former, they have an effect without user interaction and can change the behavior of the current page.
-
onElements
public HtmlPolicyBuilder onElements(String... elementNames)
Allows the named attributes on the given elements but filters the attributes' values based on previous calls tomatching(...)
.
-
-