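<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<html lang="en">
<head>
  <!--
    Javadoc package summary for org.owasp.html (OWASP Java HTML Sanitizer).
    Lists the interfaces, classes, enums and annotation types of the package,
    followed by the package description.

    Changes from the listing this was rebuilt from:
      * listing gutter numbers removed, one element per line;
      * element and attribute names lower-cased, every attribute value quoted;
      * type parameters (Handler<T> and friends) and the author's e-mail
        address written with &lt; and &gt; so they render as text instead of
        being parsed as unknown tags;
      * lang="en" declared on the root element;
      * two wording slips in the summary text corrected.
    Anchor names, link targets and CSS class names are unchanged.
  -->
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>org.owasp.html (OWASP Java HTML Sanitizer)</title>

  <link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">

  <script type="text/javascript">
    // Sets the title of the parent document (the frameset when this page is
    // shown in a frame) unless the URL carries the 'is-external=true' marker.
    // The title is a fixed string literal; nothing from the URL is written
    // into the document.
    function windowTitle()
    {
      if (location.href.indexOf('is-external=true') == -1) {
        parent.document.title = "org.owasp.html (OWASP Java HTML Sanitizer)";
      }
    }
  </script>
  <noscript>
  </noscript>
</head>

<body bgcolor="white" onload="windowTitle();">
<hr>


<!-- ========= START OF TOP NAVBAR ======= -->
<a name="navbar_top"><!-- --></a>
<a href="#skip-navbar_top" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
  <tr>
    <td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
      <a name="navbar_top_firstrow"><!-- --></a>
      <table border="0" cellpadding="0" cellspacing="3" summary="">
        <tr align="center" valign="top">
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
          <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Package</b></font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <font class="NavBarFont1">Class</font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-use.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
        </tr>
      </table>
    </td>
    <!-- External project link: plain http, opens in the top-level window. -->
    <td align="right" valign="top" rowspan="3"><em>
      <a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
    </td>
  </tr>

  <!--
    NOTE(review): the FRAMES link hands this page's path to index.html in the
    query string. index.html is not shown here; confirm that its frame loader
    only accepts relative paths inside this documentation tree.
  -->
  <tr>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      PREV PACKAGE
      <a href="../../../org/owasp/html/examples/package-summary.html"><b>NEXT PACKAGE</b></a></font></td>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../index.html?org/owasp/html/package-summary.html" target="_top"><b>FRAMES</b></a>
      <a href="package-summary.html" target="_top"><b>NO FRAMES</b></a>
      <script type="text/javascript">
      <!--
        // Only offer the "All Classes" link when the page is not inside a frame.
        if(window==top) {
          document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
        }
      //-->
      </script>
      <noscript>
        <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
      </noscript>


    </font></td>
  </tr>
</table>
<a name="skip-navbar_top"></a>
<!-- ========= END OF TOP NAVBAR ========= -->

<hr>
<font size="-1">@ParametersAreNonnullByDefault
</font><h2>
Package org.owasp.html
</h2>
An efficient <a href="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><code>HtmlSanitizer</code></a>
configurable via a flexible
<a href="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><code>HtmlPolicyBuilder</code></a>.
<p>
<b>See:</b>
<br>
<a href="#package_description"><b>Description</b></a>
<p>

<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Interface Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/AttributePolicy.html" title="interface in org.owasp.html">AttributePolicy</a></b></td>
    <td>A policy that can be applied to an HTML attribute to decide whether or not to
      allow it in the output, possibly after transforming its value.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/ElementPolicy.html" title="interface in org.owasp.html">ElementPolicy</a></b></td>
    <td>A policy that can be applied to an element to decide whether or not to
      allow it in the output, possibly after transforming attributes.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/Handler.html" title="interface in org.owasp.html">Handler&lt;T&gt;</a></b></td>
    <td>Receives notification of problems.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener&lt;T&gt;</a></b></td>
    <td>Receives events when an HTML tag or attribute is discarded.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a></b></td>
    <td>Receives events based on the HTML stream, and applies a policy to decide
      what HTML constructs to allow.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a></b></td>
    <td>A light-weight SAX-like listener for HTML.</td>
  </tr>
</table>


<p>

<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Class Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/AttributePolicy.Util.html" title="class in org.owasp.html">AttributePolicy.Util</a></b></td>
    <td>Utilities for working with attribute policies.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/CssSchema.html" title="class in org.owasp.html">CssSchema</a></b></td>
    <td>Describes the kinds of tokens a CSS property's value can safely contain.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/ElementPolicy.Util.html" title="class in org.owasp.html">ElementPolicy.Util</a></b></td>
    <td>Utilities for working with element policies.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/FilterUrlByProtocolAttributePolicy.html" title="class in org.owasp.html">FilterUrlByProtocolAttributePolicy</a></b></td>
    <td>An attribute policy for attributes whose values are URLs that requires that
      the value have no protocol or have an allowed protocol.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlChangeReporter.html" title="class in org.owasp.html">HtmlChangeReporter&lt;T&gt;</a></b></td>
    <td>Sits between the HTML parser, and the policy, and the renderer so that it
      can report dropped elements and attributes to an <a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html"><code>HtmlChangeListener</code></a>.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</a></b></td>
    <td>Conveniences for configuring policies for the <a href="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><code>HtmlSanitizer</code></a>.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html">HtmlSanitizer</a></b></td>
    <td>Consumes an HTML stream, and dispatches events to a policy object which
      decides which elements and attributes to allow.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html">HtmlStreamRenderer</a></b></td>
    <td>Given a series of HTML tokens, writes valid, normalized HTML to the output.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></b></td>
    <td>A factory that can be used to link a sanitizer to an output receiver and that
      provides a convenient <code><a href="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String)"><code>sanitize</code></a></code>
      method and a <code><a href="../../../org/owasp/html/PolicyFactory.html#and(org.owasp.html.PolicyFactory)"><code>and</code></a></code> method to compose
      policies.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/Sanitizers.html" title="class in org.owasp.html">Sanitizers</a></b></td>
    <td>Pre-packaged HTML sanitizer policies.</td>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/TagBalancingHtmlStreamEventReceiver.html" title="class in org.owasp.html">TagBalancingHtmlStreamEventReceiver</a></b></td>
    <td>Wraps an HTML stream event receiver to fill in missing close tags.</td>
  </tr>
</table>


<p>

<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Enum Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/HtmlTextEscapingMode.html" title="enum in org.owasp.html">HtmlTextEscapingMode</a></b></td>
    <td>From section 8.1.2.6 of http://www.whatwg.org/specs/web-apps/current-work/</td>
  </tr>
</table>


<p>

<!--
  TCB marks the program elements whose correctness a security property depends
  on, per the description below; a security review of the package would
  typically start from the elements carrying this annotation.
-->
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Annotation Types Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td width="15%"><b><a href="../../../org/owasp/html/TCB.html" title="annotation in org.owasp.html">TCB</a></b></td>
    <td>Indicates that a program element is in the trusted computing base --
      there exists a security property that could be violated if this code is not
      correct.</td>
  </tr>
</table>


<p>
<a name="package_description"><!-- --></a><h2>
Package org.owasp.html Description
</h2>

<p>
An efficient <a href="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><code>HtmlSanitizer</code></a>
configurable via a flexible
<a href="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><code>HtmlPolicyBuilder</code></a>.
<p>

<p>
<dl>
  <dt><b>Author:</b></dt>
  <dd>Mike Samuel &lt;mikesamuel (a] gmail.com&gt;</dd>
</dl>
<hr>


<!-- ======= START OF BOTTOM NAVBAR ====== -->
<a name="navbar_bottom"><!-- --></a>
<a href="#skip-navbar_bottom" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
  <tr>
    <td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
      <a name="navbar_bottom_firstrow"><!-- --></a>
      <table border="0" cellpadding="0" cellspacing="3" summary="">
        <tr align="center" valign="top">
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
          <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Package</b></font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <font class="NavBarFont1">Class</font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-use.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
        </tr>
      </table>
    </td>
    <td align="right" valign="top" rowspan="3"><em>
      <a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
    </td>
  </tr>

  <tr>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      PREV PACKAGE
      <a href="../../../org/owasp/html/examples/package-summary.html"><b>NEXT PACKAGE</b></a></font></td>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../index.html?org/owasp/html/package-summary.html" target="_top"><b>FRAMES</b></a>
      <a href="package-summary.html" target="_top"><b>NO FRAMES</b></a>
      <script type="text/javascript">
      <!--
        // Only offer the "All Classes" link when the page is not inside a frame.
        if(window==top) {
          document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
        }
      //-->
      </script>
      <noscript>
        <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
      </noscript>


    </font></td>
  </tr>
</table>
<a name="skip-navbar_bottom"></a>
<!-- ======== END OF BOTTOM NAVBAR ======= -->

<hr>

</body>
</html>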