Package org.owasp.html

Class HtmlPolicyBuilder.AttributeBuilder

  • Enclosing class:
    HtmlPolicyBuilder
    public final class HtmlPolicyBuilder.AttributeBuilder
extends Object
    Builds the relationship between attributes, the values that they may have, and the elements on which they may appear.
    Author:
    Mike Samuel

    • Method Detail

      • matching

        public HtmlPolicyBuilder.AttributeBuilder matching​(AttributePolicy attrPolicy)
        Filters and/or transforms the attribute values allowed by later allow* calls. Multiple calls to matching are combined so that the policies receive the value in order, each seeing the value after any transformation by a previous policy.

      • matching

        public HtmlPolicyBuilder.AttributeBuilder matching​(Pattern pattern)
        Restrict the values allowed by later allow* calls to those matching the pattern. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

      • matching

        public HtmlPolicyBuilder.AttributeBuilder matching​(com.google.common.base.Predicate<? super String> filter)
        Restrict the values allowed by later allow* calls to those matching the given predicate. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

      • matching

        public HtmlPolicyBuilder.AttributeBuilder matching​(boolean ignoreCase,
                                                   String... allowedValues)
        Restrict the values allowed by later allow* calls to those supplied. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

      • matching

        public HtmlPolicyBuilder.AttributeBuilder matching​(boolean ignoreCase,
                                                   Set<? extends String> allowedValues)
        Restrict the values allowed by later allow* calls to those supplied. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

      • globally

        public HtmlPolicyBuilder globally()
        Allows the given attributes on any elements but filters the attributes' values based on previous calls to matching(...). Global attribute policies are applied after element specific policies. Be careful of using this with attributes like type which have different meanings on different attributes. Also be careful of allowing globally attributes like href which can have more far-reaching effects on tags like <base> and <link> than on <a> because in the former, they have an effect without user interaction and can change the behavior of the current page.

      • onElements

        public HtmlPolicyBuilder onElements​(String... elementNames)
        Allows the named attributes on the given elements but filters the attributes' values based on previous calls to matching(...).