      1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
      2 <!--NewPage-->
      3 <HTML>
      4 <HEAD>
      5 <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
      6 <TITLE>
      7 org.owasp.html (OWASP Java HTML Sanitizer)
      8 </TITLE>
      9 
     10 
     11 <LINK REL ="stylesheet" TYPE="text/css" HREF="../../../stylesheet.css" TITLE="Style">
     12 
     13 <SCRIPT type="text/javascript">
     14 function windowTitle()
     15 {
            // Sets the title of the parent frame's document to this package's
            // title, unless the page URL contains 'is-external=true'.
            // location.href is only tested with indexOf here; the value written
            // to the title is a fixed string literal, never URL-derived text.
     16     if (location.href.indexOf('is-external=true') == -1) {
     17         parent.document.title="org.owasp.html (OWASP Java HTML Sanitizer)";
     18     }
     19 }
     20 </SCRIPT>
     21 <NOSCRIPT>
     22 </NOSCRIPT>
     23 
     24 </HEAD>
     25 
     26 <BODY BGCOLOR="white" onload="windowTitle();">
     27 <HR>
     28 
     29 
     30 <!-- ========= START OF TOP NAVBAR ======= -->
     31 <A NAME="navbar_top"><!-- --></A>
     32 <A HREF="#skip-navbar_top" title="Skip navigation links"></A>
     33 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
     34 <TR>
     35 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
     36 <A NAME="navbar_top_firstrow"><!-- --></A>
     37 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
     38   <TR ALIGN="center" VALIGN="top">
     39   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
     40   <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
     41   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
     42   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
     43   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
     44   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
     45   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
     46   </TR>
     47 </TABLE>
     48 </TD>
     49 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
     50 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM>
     51 </TD>
     52 </TR>
     53 
     54 <TR>
     55 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
     56 &nbsp;PREV PACKAGE&nbsp;
     57 &nbsp;<A HREF="../../../org/owasp/html/examples/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
     58 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
     59   <A HREF="../../../index.html?org/owasp/html/package-summary.html" target="_top"><B>FRAMES</B></A>  &nbsp;
     60 &nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
     61 &nbsp;<SCRIPT type="text/javascript">
     62   <!--
     63   if(window==top) {
              // Runs only when this page is the top-level window (window==top);
              // writes a fixed, hard-coded "All Classes" link into the document.
     64     document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
     65   }
     66   //-->
     67 </SCRIPT>
     68 <NOSCRIPT>
     69   <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>
     70 </NOSCRIPT>
     71 
     72 
     73 </FONT></TD>
     74 </TR>
     75 </TABLE>
     76 <A NAME="skip-navbar_top"></A>
     77 <!-- ========= END OF TOP NAVBAR ========= -->
     78 
     79 <HR>
     80 <FONT SIZE="-1">@ParametersAreNonnullByDefault
     81 </FONT><H2>
     82 Package org.owasp.html
     83 </H2>
     84 An efficient <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A>
     85  configurable via a flexible
     86  <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><CODE>HtmlPolicyBuilder</CODE></A>.
     87 <P>
     88 <B>See:</B>
     89 <BR>
     90 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="#package_description"><B>Description</B></A>
     91 <P>
     92 
     93 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
     94 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
     95 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
     96 <B>Interface Summary</B></FONT></TH>
     97 </TR>
     98 <TR BGCOLOR="white" CLASS="TableRowColor">
     99 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/AttributePolicy.html" title="interface in org.owasp.html">AttributePolicy</A></B></TD>
    100 <TD>A policy that can be applied to an HTML attribute to decide whether or not to
    101  allow it in the output, possibly after transforming its value.</TD>
    102 </TR>
    103 <TR BGCOLOR="white" CLASS="TableRowColor">
    104 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/ElementPolicy.html" title="interface in org.owasp.html">ElementPolicy</A></B></TD>
    105 <TD>A policy that can be applied to an element to decide whether or not to
    106  allow it in the output, possibly after transforming attributes.</TD>
    107 </TR>
    108 <TR BGCOLOR="white" CLASS="TableRowColor">
    109 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/Handler.html" title="interface in org.owasp.html">Handler&lt;T&gt;</A></B></TD>
    110 <TD>Receives notification of problems.</TD>
    111 </TR>
    112 <TR BGCOLOR="white" CLASS="TableRowColor">
    113 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener&lt;T&gt;</A></B></TD>
    114 <TD>Receives events when an HTML tag or attribute is discarded.</TD>
    115 </TR>
    116 <TR BGCOLOR="white" CLASS="TableRowColor">
    117 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</A></B></TD>
    118 <TD>Receives events based on the HTML stream, and applies a policy to decide
    119  what HTML constructs to allow.</TD>
    120 </TR>
    121 <TR BGCOLOR="white" CLASS="TableRowColor">
    122 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></B></TD>
    123 <TD>A light-weight SAX-like listener for HTML.</TD>
    124 </TR>
    125 </TABLE>
    126 &nbsp;
    127 
    128 <P>
    129 
    130 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    131 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
    132 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
    133 <B>Class Summary</B></FONT></TH>
    134 </TR>
    135 <TR BGCOLOR="white" CLASS="TableRowColor">
    136 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/AttributePolicy.Util.html" title="class in org.owasp.html">AttributePolicy.Util</A></B></TD>
    137 <TD>Utilities for working with attribute policies.</TD>
    138 </TR>
    139 <TR BGCOLOR="white" CLASS="TableRowColor">
    140 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/CssSchema.html" title="class in org.owasp.html">CssSchema</A></B></TD>
    141 <TD>Describes the kinds of tokens a CSS property's value can safely contain.</TD>
    142 </TR>
    143 <TR BGCOLOR="white" CLASS="TableRowColor">
    144 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/ElementPolicy.Util.html" title="class in org.owasp.html">ElementPolicy.Util</A></B></TD>
    145 <TD>Utilities for working with element policies.</TD>
    146 </TR>
    147 <TR BGCOLOR="white" CLASS="TableRowColor">
    148 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/FilterUrlByProtocolAttributePolicy.html" title="class in org.owasp.html">FilterUrlByProtocolAttributePolicy</A></B></TD>
    149 <TD>An attribute policy for attributes whose values are URLs that requires that
    150  the value have no protocol or have an allowed protocol.</TD>
    151 </TR>
    152 <TR BGCOLOR="white" CLASS="TableRowColor">
    153 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlChangeReporter.html" title="class in org.owasp.html">HtmlChangeReporter&lt;T&gt;</A></B></TD>
    154 <TD>Sits between the HTML parser, the policy, and the renderer so that it
    155  can report dropped elements and attributes to an <A HREF="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html"><CODE>HtmlChangeListener</CODE></A>.</TD>
    156 </TR>
    157 <TR BGCOLOR="white" CLASS="TableRowColor">
    158 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></B></TD>
    159 <TD>Conveniences for configuring policies for the <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A>.</TD>
    160 </TR>
    161 <TR BGCOLOR="white" CLASS="TableRowColor">
    162 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html">HtmlSanitizer</A></B></TD>
    163 <TD>Consumes an HTML stream, and dispatches events to a policy object which
    164  decides which elements and attributes to allow.</TD>
    165 </TR>
    166 <TR BGCOLOR="white" CLASS="TableRowColor">
    167 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html">HtmlStreamRenderer</A></B></TD>
    168 <TD>Given a series of HTML tokens, writes valid, normalized HTML to the output.</TD>
    169 </TR>
    170 <TR BGCOLOR="white" CLASS="TableRowColor">
    171 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</A></B></TD>
    172 <TD>A factory that can be used to link a sanitizer to an output receiver and that
    173  provides a convenient <code><A HREF="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String)"><CODE>sanitize</CODE></A></code>
    174  method and a <code><A HREF="../../../org/owasp/html/PolicyFactory.html#and(org.owasp.html.PolicyFactory)"><CODE>and</CODE></A></code> method to compose
    175  policies.</TD>
    176 </TR>
    177 <TR BGCOLOR="white" CLASS="TableRowColor">
    178 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/Sanitizers.html" title="class in org.owasp.html">Sanitizers</A></B></TD>
    179 <TD>Pre-packaged HTML sanitizer policies.</TD>
    180 </TR>
    181 <TR BGCOLOR="white" CLASS="TableRowColor">
    182 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/TagBalancingHtmlStreamEventReceiver.html" title="class in org.owasp.html">TagBalancingHtmlStreamEventReceiver</A></B></TD>
    183 <TD>Wraps an HTML stream event receiver to fill in missing close tags.</TD>
    184 </TR>
    185 </TABLE>
    186 &nbsp;
    187 
    188 <P>
    189 
    190 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    191 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
    192 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
    193 <B>Enum Summary</B></FONT></TH>
    194 </TR>
    195 <TR BGCOLOR="white" CLASS="TableRowColor">
    196 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlTextEscapingMode.html" title="enum in org.owasp.html">HtmlTextEscapingMode</A></B></TD>
    197 <TD>From section 8.1.2.6 of http://www.whatwg.org/specs/web-apps/current-work/</TD>
    198 </TR>
    199 </TABLE>
    200 &nbsp;
    201 
    202 <P>
    203 
    204 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    205 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
    206 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
    207 <B>Annotation Types Summary</B></FONT></TH>
    208 </TR>
    209 <TR BGCOLOR="white" CLASS="TableRowColor">
    210 <TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/TCB.html" title="annotation in org.owasp.html">TCB</A></B></TD>
    211 <TD>Indicates that a program element is in the trusted computing base --
    212  there exists a security property that could be violated if this code is not
    213  correct.</TD>
    214 </TR>
    215 </TABLE>
    216 &nbsp;
    217 
    218 <P>
    219 <A NAME="package_description"><!-- --></A><H2>
    220 Package org.owasp.html Description
    221 </H2>
    222 
    223 <P>
    224 An efficient <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A>
    225  configurable via a flexible
    226  <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><CODE>HtmlPolicyBuilder</CODE></A>.
    227 <P>
    228 
    229 <P>
    230 <DL>
    231 <DT><B>Author:</B></DT>
    232   <DD>Mike Samuel &lt;mikesamuel (a] gmail.com&gt;</DD>
    233 </DL>
    234 <HR>
    235 
    236 
    237 <!-- ======= START OF BOTTOM NAVBAR ====== -->
    238 <A NAME="navbar_bottom"><!-- --></A>
    239 <A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
    240 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
    241 <TR>
    242 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
    243 <A NAME="navbar_bottom_firstrow"><!-- --></A>
    244 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
    245   <TR ALIGN="center" VALIGN="top">
    246   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
    247   <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
    248   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
    249   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
    250   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
    251   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
    252   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
    253   </TR>
    254 </TABLE>
    255 </TD>
    256 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
    257 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM>
    258 </TD>
    259 </TR>
    260 
    261 <TR>
    262 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
    263 &nbsp;PREV PACKAGE&nbsp;
    264 &nbsp;<A HREF="../../../org/owasp/html/examples/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
    265 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
    266   <A HREF="../../../index.html?org/owasp/html/package-summary.html" target="_top"><B>FRAMES</B></A>  &nbsp;
    267 &nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
    268 &nbsp;<SCRIPT type="text/javascript">
    269   <!--
    270   if(window==top) {
              // Runs only when this page is the top-level window (window==top);
              // writes a fixed, hard-coded "All Classes" link into the document.
    271     document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
    272   }
    273   //-->
    274 </SCRIPT>
    275 <NOSCRIPT>
    276   <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>
    277 </NOSCRIPT>
    278 
    279 
    280 </FONT></TD>
    281 </TR>
    282 </TABLE>
    283 <A NAME="skip-navbar_bottom"></A>
    284 <!-- ======== END OF BOTTOM NAVBAR ======= -->
    285 
    286 <HR>
    287 
    288 </BODY>
    289 </HTML>
    290