AntiSamy (OWASP AntiSamy 1.6.6.1 API)

java.lang.Object
- org.owasp.validator.html.AntiSamy

```
public class AntiSamy
extends Object
```
This is the only class from which the outside world should be calling. The scan() method holds the meat and potatoes of AntiSamy. The file contains a number of ways for scan()'ing depending on the accessibility of the policy file.

Author:

Arshan Dabirsiaghi

Field Summary

Fields
Modifier and Type Field and Description

static int DOM

static int SAX

Fields
Modifier and Type	Field and Description
`static int`	`DOM`
`static int`	`SAX`

Constructor Summary

Constructors
Constructor and Description

AntiSamy()

AntiSamy(Policy policy)

Constructors
Constructor and Description
`AntiSamy()`
`AntiSamy(Policy policy)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`CleanResults`	`scan(Reader reader, Writer writer, Policy policy)` Use this method if caller has Streams rather than Strings for I/O Useful for servlets where the response is very large and we don't validate, simply encode as bytes are consumed from the stream.
`CleanResults`	`scan(String taintedHTML)` The meat and potatoes.
`CleanResults`	`scan(String taintedHTML, File policyFile)` This method wraps `scan()` using the policy File object passed in.
`CleanResults`	`scan(String taintedHTML, int scanType)` This method sets `scan()` to use the specified scan type.
`CleanResults`	`scan(String taintedHTML, Policy policy)` This method wraps `scan()` using the Policy object passed in.
`CleanResults`	`scan(String taintedHTML, Policy policy, int scanType)` This method wraps `scan()` using the Policy object passed in and the specified scan type.
`CleanResults`	`scan(String taintedHTML, String filename)` This method wraps `scan()` using the Policy in the specified file.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DOM
```
public static final int DOM
```
    See Also:
    
    Constant Field Values
  - SAX
```
public static final int SAX
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - AntiSamy
```
public AntiSamy()
```
  - AntiSamy
```
public AntiSamy(Policy policy)
```
- Method Detail
  - scan
```
public CleanResults scan(String taintedHTML)
                  throws ScanException,
                         PolicyException
```
    The meat and potatoes. The scan() family of methods are the only methods the outside world should be calling to invoke AntiSamy.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.
  - scan
```
public CleanResults scan(String taintedHTML,
                         int scanType)
                  throws ScanException,
                         PolicyException
```
    This method sets scan() to use the specified scan type.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    scanType - The type of scan (DOM or SAX).
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.
  - scan
```
public CleanResults scan(String taintedHTML,
                         Policy policy)
                  throws ScanException,
                         PolicyException
```
    This method wraps scan() using the Policy object passed in.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    policy - The custom policy to enforce.
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.
  - scan
```
public CleanResults scan(String taintedHTML,
                         Policy policy,
                         int scanType)
                  throws ScanException,
                         PolicyException
```
    This method wraps scan() using the Policy object passed in and the specified scan type.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    policy - The custom policy to enforce.
    
    scanType - The type of scan (DOM or SAX).
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.
  - scan
```
public CleanResults scan(Reader reader,
                         Writer writer,
                         Policy policy)
                  throws ScanException
```
    Use this method if caller has Streams rather than Strings for I/O Useful for servlets where the response is very large and we don't validate, simply encode as bytes are consumed from the stream.
    
    Parameters:
    
    reader - Reader that produces the input, possibly a little at a time
    
    writer - Writer that receives the cleaned output, possibly a little at a time
    
    policy - Policy that directs the scan
    
    Returns:
    
    CleanResults where the cleanHtml is null. If caller wants the clean HTML, it must capture the writer's contents. When using Streams, caller generally doesn't want to create a single string containing clean HTML.
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
  - scan
```
public CleanResults scan(String taintedHTML,
                         String filename)
                  throws ScanException,
                         PolicyException
```
    This method wraps scan() using the Policy in the specified file.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    filename - The file name of the custom policy to enforce.
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.
  - scan
```
public CleanResults scan(String taintedHTML,
                         File policyFile)
                  throws ScanException,
                         PolicyException
```
    This method wraps scan() using the policy File object passed in.
    
    Parameters:
    
    taintedHTML - Untrusted HTML which may contain malicious code.
    
    policyFile - The File object of the custom policy to enforce.
    
    Returns:
    
    A CleanResults object which contains information about the scan (including the results).
    
    Throws:
    
    ScanException - When there is a problem encountered while scanning the HTML.
    
    PolicyException - When there is a problem reading the policy file.

Class AntiSamy

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DOM

SAX

Constructor Detail

AntiSamy

AntiSamy

Method Detail

scan

scan

scan

scan

scan

scan

scan