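<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<!--
  Javadoc class page for org.owasp.html.HtmlSanitizer (OWASP Java HTML
  Sanitizer). Anchor names, class names and link targets are kept exactly as
  generated so that links from other pages of the API documentation and the
  rules in stylesheet.css keep working. The HTML 4.01 Transitional doctype is
  kept because the layout relies on presentational attributes.
-->
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>HtmlSanitizer (OWASP Java HTML Sanitizer)</title>

  <link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">

  <script type="text/javascript">
    // Copies this page's title to the enclosing frameset, unless the page was
    // opened through a link marked is-external=true.
    function windowTitle() {
      if (location.href.indexOf('is-external=true') == -1) {
        try {
          parent.document.title = "HtmlSanitizer (OWASP Java HTML Sanitizer)";
        } catch (e) {
          // The parent frame belongs to another origin, so the browser
          // refuses access to its document; leave that title untouched.
        }
      }
    }
  </script>
</head>

<body bgcolor="white" onload="windowTitle();">
<hr>

<!-- ========= START OF TOP NAVBAR ======= -->
<a name="navbar_top"><!-- --></a>
<a href="#skip-navbar_top" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
  <tr>
    <td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
      <a name="navbar_top_firstrow"><!-- --></a>
      <table border="0" cellpadding="0" cellspacing="3" summary="">
        <tr align="center" valign="top">
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a> </td>
          <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Class</b></font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="class-use/HtmlSanitizer.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
        </tr>
      </table>
    </td>
    <td align="right" valign="top" rowspan="3"><em>
      <a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
    </td>
  </tr>

  <tr>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html"><b>PREV CLASS</b></a>
      <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../index.html?org/owasp/html/HtmlSanitizer.html" target="_top"><b>FRAMES</b></a>
      <a href="HtmlSanitizer.html" target="_top"><b>NO FRAMES</b></a>
      <script type="text/javascript">
        // The "All Classes" link is only written when the page is not shown
        // inside the frameset, which already has a class list frame.
        if (window == top) {
          document.writeln('<a href="../../../allclasses-noframe.html"><b>All Classes<\/b><\/a>');
        }
      </script>
      <noscript>
        <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
      </noscript>
    </font></td>
  </tr>
  <tr>
    <td valign="top" class="NavBarCell3"><font size="-2">
      SUMMARY: <a href="#nested_class_summary">NESTED</a> | FIELD | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a></font></td>
    <td valign="top" class="NavBarCell3"><font size="-2">
      DETAIL: FIELD | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a></font></td>
  </tr>
</table>
<a name="skip-navbar_top"></a>
<!-- ========= END OF TOP NAVBAR ========= -->

<hr>
<!-- ======== START OF CLASS DATA ======== -->
<h2>
<font size="-1">
org.owasp.html</font>
<br>
Class HtmlSanitizer</h2>
<pre>
java.lang.Object
  <img src="../../../resources/inherit.gif" alt="extended by "><b>org.owasp.html.HtmlSanitizer</b>
</pre>
<hr>
<!-- The declaration is one preformatted block; the generated markup closed
     its list and pre elements in the wrong order. -->
<dl>
<dt><pre>public final class <a href="../../../src-html/org/owasp/html/HtmlSanitizer.html#line.41"><b>HtmlSanitizer</b></a>
extends java.lang.Object</pre></dt>
</dl>

<p>
Consumes an HTML stream, and dispatches events to a policy object which
decides which elements and attributes to allow.
</p>

<hr>

<!-- ======== NESTED CLASS SUMMARY ======== -->

<a name="nested_class_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Nested Class Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td align="right" valign="top" width="1%"><font size="-1">
      <code>static interface</code></font></td>
    <td><code><b><a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a></b></code>

      <br>
      Receives events based on the HTML stream, and applies a policy to decide
      what HTML constructs to allow.</td>
  </tr>
</table>

<!-- ======== CONSTRUCTOR SUMMARY ======== -->

<a name="constructor_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Constructor Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td><code><b><a href="../../../org/owasp/html/HtmlSanitizer.html#HtmlSanitizer()">HtmlSanitizer</a></b>()</code>

      <br>
    </td>
  </tr>
</table>

<!-- ========== METHOD SUMMARY =========== -->

<a name="method_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="2"><font size="+2">
      <b>Method Summary</b></font></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td align="right" valign="top" width="1%"><font size="-1">
      <code>static void</code></font></td>
    <td><code><b><a href="../../../org/owasp/html/HtmlSanitizer.html#sanitize(java.lang.String, org.owasp.html.HtmlSanitizer.Policy)">sanitize</a></b>(java.lang.String html,
      <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a> policy)</code>

      <br>
      Sanitizes the given HTML by applying the given policy to it.</td>
  </tr>
</table>
<a name="methods_inherited_from_class_java.lang.Object"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#EEEEFF" class="TableSubHeadingColor">
    <th align="left"><b>Methods inherited from class java.lang.Object</b></th>
  </tr>
  <tr bgcolor="white" class="TableRowColor">
    <td><code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></td>
  </tr>
</table>

<!-- ========= CONSTRUCTOR DETAIL ======== -->

<a name="constructor_detail"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="1"><font size="+2">
      <b>Constructor Detail</b></font></th>
  </tr>
</table>

<a name="HtmlSanitizer()"><!-- --></a><h3>
HtmlSanitizer</h3>
<pre>
public <a href="../../../src-html/org/owasp/html/HtmlSanitizer.html#line.41"><b>HtmlSanitizer</b></a>()</pre>

<!-- ============ METHOD DETAIL ========== -->

<a name="method_detail"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
  <tr bgcolor="#CCCCFF" class="TableHeadingColor">
    <th align="left" colspan="1"><font size="+2">
      <b>Method Detail</b></font></th>
  </tr>
</table>

<!--
  Reviewer notes on sanitize(), drawn from the description below:
  * The method returns nothing. Output exists only when the supplied policy
    forwards the events it accepts to a renderer such as HtmlStreamRenderer,
    so what reaches the output buffer is decided by the policy passed in.
    A policy that forwards every event it receives filters nothing.
  * "TCB" presumably stands for trusted computing base. Read that way, the
    sentence says the safety of the output is not meant to rest on this
    method alone. Confirm in the project documentation which classes the
    project does place in its TCB.
  * A null html argument is treated as the empty string.
-->
<a name="sanitize(java.lang.String, org.owasp.html.HtmlSanitizer.Policy)"><!-- --></a><h3>
sanitize</h3>
<pre>
public static void <a href="../../../src-html/org/owasp/html/HtmlSanitizer.html#line.102"><b>sanitize</b></a>(<font size="-1">@Nullable</font>
                            java.lang.String html,
                            <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a> policy)</pre>
<dl>
  <dd>Sanitizes the given HTML by applying the given policy to it.

    <p>
    This method is not in the TCB.
    </p>

    <p>
    This method has no return value since policies are assumed to render things
    they accept and do nothing on things they reject.
    Use <a href="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><code>HtmlStreamRenderer</code></a> to render content to an output buffer.
    </p>
  </dd>
  <dd>
    <dl>
      <dt><b>Parameters:</b></dt>
      <dd><code>html</code> - A snippet of HTML to sanitize. <code>null</code> is treated as the
        empty string and will not result in a <code>NullPointerException</code>.</dd>
      <dd><code>policy</code> - The Policy that will receive events based on the tokens in
        HTML. Typically, this policy ends up routing the events to an
        <a href="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><code>HtmlStreamRenderer</code></a> after filtering.
        <a href="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><code>HtmlPolicyBuilder</code></a> provides an easy way to create policies.</dd>
    </dl>
  </dd>
</dl>
<!-- ========= END OF CLASS DATA ========= -->
<hr>

<!-- ======= START OF BOTTOM NAVBAR ====== -->
<a name="navbar_bottom"><!-- --></a>
<a href="#skip-navbar_bottom" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
  <tr>
    <td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
      <a name="navbar_bottom_firstrow"><!-- --></a>
      <table border="0" cellpadding="0" cellspacing="3" summary="">
        <tr align="center" valign="top">
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a> </td>
          <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Class</b></font> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="class-use/HtmlSanitizer.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
          <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
        </tr>
      </table>
    </td>
    <td align="right" valign="top" rowspan="3"><em>
      <a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
    </td>
  </tr>

  <tr>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html"><b>PREV CLASS</b></a>
      <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
    <td bgcolor="white" class="NavBarCell2"><font size="-2">
      <a href="../../../index.html?org/owasp/html/HtmlSanitizer.html" target="_top"><b>FRAMES</b></a>
      <a href="HtmlSanitizer.html" target="_top"><b>NO FRAMES</b></a>
      <script type="text/javascript">
        // Same rule as in the top navbar: only offer "All Classes" when the
        // page is not shown inside the frameset.
        if (window == top) {
          document.writeln('<a href="../../../allclasses-noframe.html"><b>All Classes<\/b><\/a>');
        }
      </script>
      <noscript>
        <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
      </noscript>
    </font></td>
  </tr>
  <tr>
    <td valign="top" class="NavBarCell3"><font size="-2">
      SUMMARY: <a href="#nested_class_summary">NESTED</a> | FIELD | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a></font></td>
    <td valign="top" class="NavBarCell3"><font size="-2">
      DETAIL: FIELD | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a></font></td>
  </tr>
</table>
<a name="skip-navbar_bottom"></a>
<!-- ======== END OF BOTTOM NAVBAR ======= -->

<hr>

</body>
</html>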