Package org.owasp.html
Class PolicyFactory

- java.lang.Object
- org.owasp.html.PolicyFactory

All Implemented Interfaces:
- com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>
- java.util.function.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

@ThreadSafe @Immutable public final class PolicyFactory extends Object implements com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>
A factory that can be used to link a sanitizer to an output receiver and that provides a convenient sanitize method and an and method to compose policies.

Author:
- Mike Samuel ([email protected])
Method Summary

- PolicyFactory and(PolicyFactory f)
  Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
- HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out)
  Produces a sanitizer that emits tokens to out.
- <CTX> HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out, HtmlChangeListener<CTX> listener, CTX context)
  Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.
- String sanitize(String html)
  A convenience function that sanitizes a string of HTML.
- <CTX> String sanitize(String html, HtmlChangeListener<CTX> listener, CTX context)
  A convenience function that sanitizes a string of HTML and reports the names of rejected elements and attributes to listener.
Method Detail

apply
public HtmlSanitizer.Policy apply(@Nonnull HtmlStreamEventReceiver out)
Produces a sanitizer that emits tokens to out.
- Specified by: apply in interface com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>
- Specified by: apply in interface java.util.function.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>
apply
public <CTX> HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out, @Nullable HtmlChangeListener<CTX> listener, @Nullable CTX context)
Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.
- Parameters:
  out - a renderer that receives approved tokens only.
  listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.
  context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.
sanitize
public String sanitize(@Nullable String html)
A convenience function that sanitizes a string of HTML.
sanitize
public <CTX> String sanitize(@Nullable String html, @Nullable HtmlChangeListener<CTX> listener, @Nullable CTX context)
A convenience function that sanitizes a string of HTML and reports the names of rejected elements and attributes to listener.
- Parameters:
  html - the string of HTML to sanitize.
  listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.
  context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.
- Returns:
  a string of HTML that complies with this factory's policy.
and
public PolicyFactory and(PolicyFactory f)
Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
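As an added example (not code from the sanitizer project or its documentation), the following composes a factory with and, then calls the listener-taking sanitize overload so that every rejected tag or attribute is recorded together with a per-request context; RequestInfo, RejectionLog and the untrusted input string are constructed here for illustration.

```java
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

import java.util.ArrayList;
import java.util.List;

public class SanitizeWithAudit {

  // Hypothetical per-request context: tells the listener which request produced the HTML.
  static final class RequestInfo {
    final String remoteAddr, requestId;
    RequestInfo(String remoteAddr, String requestId) {
      this.remoteAddr = remoteAddr; this.requestId = requestId;
    }
  }

  // Hypothetical listener that collects rejections so they can be forwarded to an IDS/SIEM.
  static final class RejectionLog implements HtmlChangeListener<RequestInfo> {
    final List<String> entries = new ArrayList<>();
    @Override public void discardedTag(RequestInfo ctx, String elementName) {
      entries.add(ctx.requestId + " " + ctx.remoteAddr + " dropped tag <" + elementName + ">");
    }
    @Override public void discardedAttributes(RequestInfo ctx, String tagName, String... attrs) {
      entries.add(ctx.requestId + " " + ctx.remoteAddr + " dropped attributes "
          + String.join(",", attrs) + " on <" + tagName + ">");
    }
  }

  // and() unions the grants: formatting tags, links, plus our own <img src> limited to https.
  static final PolicyFactory POLICY = Sanitizers.FORMATTING
      .and(Sanitizers.LINKS)
      .and(new HtmlPolicyBuilder()
          .allowElements("img")
          .allowAttributes("src").onElements("img")
          .allowUrlProtocols("https")
          .toFactory());

  public static void main(String[] args) {
    // Constructed sample input containing a script element and an inline event handler.
    String untrusted = "<b onmouseover=\"x()\">hi</b><script>x()</script>"
        + "<img src=\"http://example.com/p.png\"><a href=\"https://example.com/\">ok</a>";
    RejectionLog log = new RejectionLog();
    String clean = POLICY.sanitize(untrusted, log, new RequestInfo("198.51.100.7", "req-42"));
    System.out.println(clean);             // policy-compliant HTML only
    log.entries.forEach(System.out::println); // one line per rejected tag/attribute set
  }
}
```

Because the factory is immutable and thread-safe, POLICY can be built once and shared; only the listener and context are per request.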