      1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
      2 <!--NewPage-->
      3 <HTML>
      4 <HEAD>
      5 <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
      6 <TITLE>
      7 HtmlSanitizer.Policy (OWASP Java HTML Sanitizer)
      8 </TITLE>
      9 
     10 
     11 <LINK REL ="stylesheet" TYPE="text/css" HREF="../../../stylesheet.css" TITLE="Style">
     12 
     13 <SCRIPT type="text/javascript">
     14 function windowTitle()
     15 {
     16     if (location.href.indexOf('is-external=true') == -1) {
     17         parent.document.title="HtmlSanitizer.Policy (OWASP Java HTML Sanitizer)";
     18     }
     19 }
     20 </SCRIPT>
     21 <NOSCRIPT>
     22 </NOSCRIPT>
     23 
     24 </HEAD>
     25 
     26 <BODY BGCOLOR="white" onload="windowTitle();">
     27 <HR>
     28 
     29 
     30 <!-- ========= START OF TOP NAVBAR ======= -->
     31 <A NAME="navbar_top"><!-- --></A>
     32 <A HREF="#skip-navbar_top" title="Skip navigation links"></A>
     33 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
     34 <TR>
     35 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
     36 <A NAME="navbar_top_firstrow"><!-- --></A>
     37 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
     38   <TR ALIGN="center" VALIGN="top">
     39   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
     40   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
     41   <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
     42   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/HtmlSanitizer.Policy.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
     43   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
     44   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
     45   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
     46   </TR>
     47 </TABLE>
     48 </TD>
     49 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
     50 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM>
     51 </TD>
     52 </TR>
     53 
     54 <TR>
     55 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
     56 &nbsp;<A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><B>PREV CLASS</B></A>&nbsp;
     57 &nbsp;<A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html"><B>NEXT CLASS</B></A></FONT></TD>
     58 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
     59   <A HREF="../../../index.html?org/owasp/html/HtmlSanitizer.Policy.html" target="_top"><B>FRAMES</B></A>  &nbsp;
     60 &nbsp;<A HREF="HtmlSanitizer.Policy.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
     61 &nbsp;<SCRIPT type="text/javascript">
     62   <!--
     63   if(window==top) {
     64     document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
     65   }
     66   //-->
     67 </SCRIPT>
     68 <NOSCRIPT>
     69   <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>
     70 </NOSCRIPT>
     71 
     72 
     73 </FONT></TD>
     74 </TR>
     75 <TR>
     76 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
     77   SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
     78 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
     79 DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
     80 </TR>
     81 </TABLE>
     82 <A NAME="skip-navbar_top"></A>
     83 <!-- ========= END OF TOP NAVBAR ========= -->
     84 
     85 <HR>
     86 <!-- ======== START OF CLASS DATA ======== -->
     87 <H2>
     88 <FONT SIZE="-1">
     89 org.owasp.html</FONT>
     90 <BR>
     91 Interface HtmlSanitizer.Policy</H2>
     92 <DL>
     93 <DT><B>All Superinterfaces:</B> <DD><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></DD>
     94 </DL>
     95 <DL>
     96 <DT><B>Enclosing class:</B><DD><A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html">HtmlSanitizer</A></DD>
     97 </DL>
     98 <HR>
     99 <DL>
    100 <DT><PRE>public static interface <A HREF="../../../src-html/org/owasp/html/HtmlSanitizer.html#line.53"><B>HtmlSanitizer.Policy</B></A><DT>extends <A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></DL>
    101 </PRE>
    102 
    103 <P>
    104 Receives events based on the HTML stream, and applies a policy to decide
    105  what HTML constructs to allow.
    106  Typically, implementations use an <A HREF="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><CODE>HtmlStreamRenderer</CODE></A> to produce
    107  the sanitized output.
    108 
    109  <p>
    110  <b>Implementations of this interface are in the TCB (trusted computing base): the safety of the sanitized output depends on their correctness.</b></p>
    111 <P>
    112 
    113 <P>
    114 <HR>
    115 
    116 <P>
    117 
    118 <!-- ========== METHOD SUMMARY =========== -->
    119 
    120 <A NAME="method_summary"><!-- --></A>
    121 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    122 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
    123 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
    124 <B>Method Summary</B></FONT></TH>
    125 </TR>
    126 <TR BGCOLOR="white" CLASS="TableRowColor">
    127 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
    128 <CODE>&nbsp;void</CODE></FONT></TD>
    129 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlSanitizer.Policy.html#closeTag(java.lang.String)">closeTag</A></B>(java.lang.String&nbsp;elementName)</CODE>
    130 
    131 <BR>
    132 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when an HTML tag like <code>&lt;/foo&gt;</code> is seen in the input.</TD>
    133 </TR>
    134 <TR BGCOLOR="white" CLASS="TableRowColor">
    135 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
    136 <CODE>&nbsp;void</CODE></FONT></TD>
    137 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlSanitizer.Policy.html#openTag(java.lang.String, java.util.List)">openTag</A></B>(java.lang.String&nbsp;elementName,
    138                java.util.List&lt;java.lang.String&gt;&nbsp;attrs)</CODE>
    139 
    140 <BR>
    141 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when an HTML tag like <code>&lt;foo bar=baz&gt;</code> is seen in the input.</TD>
    142 </TR>
    143 <TR BGCOLOR="white" CLASS="TableRowColor">
    144 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
    145 <CODE>&nbsp;void</CODE></FONT></TD>
    146 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlSanitizer.Policy.html#text(java.lang.String)">text</A></B>(java.lang.String&nbsp;textChunk)</CODE>
    147 
    148 <BR>
    149 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when textual content is seen.</TD>
    150 </TR>
    151 </TABLE>
    152 &nbsp;<A NAME="methods_inherited_from_class_org.owasp.html.HtmlStreamEventReceiver"><!-- --></A>
    153 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    154 <TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
    155 <TH ALIGN="left"><B>Methods inherited from interface org.owasp.html.<A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></B></TH>
    156 </TR>
    157 <TR BGCOLOR="white" CLASS="TableRowColor">
    158 <TD><CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html#closeDocument()">closeDocument</A>, <A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html#openDocument()">openDocument</A></CODE></TD>
    159 </TR>
    160 </TABLE>
    161 &nbsp;
    162 <P>
    163 
    164 <!-- ============ METHOD DETAIL ========== -->
    165 
    166 <A NAME="method_detail"><!-- --></A>
    167 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
    168 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
    169 <TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
    170 <B>Method Detail</B></FONT></TH>
    171 </TR>
    172 </TABLE>
    173 
    174 <A NAME="openTag(java.lang.String, java.util.List)"><!-- --></A><H3>
    175 openTag</H3>
    176 <PRE>
    177 void <A HREF="../../../src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.67"><B>openTag</B></A>(java.lang.String&nbsp;elementName,
    178              java.util.List&lt;java.lang.String&gt;&nbsp;attrs)</PRE>
    179 <DL>
    180 <DD>Called when an HTML tag like <code>&lt;foo bar=baz&gt;</code> is seen in the input.
    181 <P>
    182 <DD><DL>
    183 <DT><B>Specified by:</B><DD><CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html#openTag(java.lang.String, java.util.List)">openTag</A></CODE> in interface <CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
    184 </DD>
    185 <DD><DL>
    186 <DT><B>Parameters:</B><DD><CODE>elementName</CODE> - a normalized (lower-case for non-namespaced names)
    187      element name.<DD><CODE>attrs</CODE> - a list of alternating attribute name and value pairs.
    188      For efficiency, the implementation may mutate this list during this method
    189      call, but ownership reverts to the caller on method exit.
    190      The values are raw, i.e. plain text in which HTML entities have already been decoded, so they may contain literal markup characters.
    191      Specifically, implementations are allowed to use a list iterator
    192      and remove all disallowed attributes, add necessary attributes, and
    193      then pass the list to an <A HREF="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><CODE>HtmlStreamRenderer</CODE></A>.</DL>
    194 </DD>
    195 </DL>
    196 <HR>
    197 
    198 <A NAME="closeTag(java.lang.String)"><!-- --></A><H3>
    199 closeTag</H3>
    200 <PRE>
    201 void <A HREF="../../../src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.75"><B>closeTag</B></A>(java.lang.String&nbsp;elementName)</PRE>
    202 <DL>
    203 <DD>Called when an HTML tag like <code>&lt;/foo&gt;</code> is seen in the input.
    204 <P>
    205 <DD><DL>
    206 <DT><B>Specified by:</B><DD><CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html#closeTag(java.lang.String)">closeTag</A></CODE> in interface <CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
    207 </DD>
    208 <DD><DL>
    209 <DT><B>Parameters:</B><DD><CODE>elementName</CODE> - a normalized (lower-case for non-namespaced names)
    210      element name.</DL>
    211 </DD>
    212 </DL>
    213 <HR>
    214 
    215 <A NAME="text(java.lang.String)"><!-- --></A><H3>
    216 text</H3>
    217 <PRE>
    218 void <A HREF="../../../src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.81"><B>text</B></A>(java.lang.String&nbsp;textChunk)</PRE>
    219 <DL>
    220 <DD>Called when textual content is seen.
    221 <P>
    222 <DD><DL>
    223 <DT><B>Specified by:</B><DD><CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html#text(java.lang.String)">text</A></CODE> in interface <CODE><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
    224 </DD>
    225 <DD><DL>
    226 <DT><B>Parameters:</B><DD><CODE>textChunk</CODE> - raw content, i.e. plain text in which HTML entities have already been decoded.</DL>
    227 </DD>
    228 </DL>
    229 <!-- ========= END OF CLASS DATA ========= -->
    230 <HR>
    231 
    232 
    233 <!-- ======= START OF BOTTOM NAVBAR ====== -->
    234 <A NAME="navbar_bottom"><!-- --></A>
    235 <A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
    236 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
    237 <TR>
    238 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
    239 <A NAME="navbar_bottom_firstrow"><!-- --></A>
    240 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
    241   <TR ALIGN="center" VALIGN="top">
    242   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
    243   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
    244   <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
    245   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/HtmlSanitizer.Policy.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
    246   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
    247   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
    248   <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
    249   </TR>
    250 </TABLE>
    251 </TD>
    252 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
    253 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM>
    254 </TD>
    255 </TR>
    256 
    257 <TR>
    258 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
    259 &nbsp;<A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><B>PREV CLASS</B></A>&nbsp;
    260 &nbsp;<A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html"><B>NEXT CLASS</B></A></FONT></TD>
    261 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
    262   <A HREF="../../../index.html?org/owasp/html/HtmlSanitizer.Policy.html" target="_top"><B>FRAMES</B></A>  &nbsp;
    263 &nbsp;<A HREF="HtmlSanitizer.Policy.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
    264 &nbsp;<SCRIPT type="text/javascript">
    265   <!--
    266   if(window==top) {
    267     document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
    268   }
    269   //-->
    270 </SCRIPT>
    271 <NOSCRIPT>
    272   <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>
    273 </NOSCRIPT>
    274 
    275 
    276 </FONT></TD>
    277 </TR>
    278 <TR>
    279 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
    280   SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
    281 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
    282 DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
    283 </TR>
    284 </TABLE>
    285 <A NAME="skip-navbar_bottom"></A>
    286 <!-- ======== END OF BOTTOM NAVBAR ======= -->
    287 
    288 <HR>
    289 
    290 </BODY>
    291 </HTML>
    292