1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 2 <!--NewPage--> 3 <HTML> 4 <HEAD> 5 <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> 6 <TITLE> 7 HtmlPolicyBuilder.AttributeBuilder (OWASP Java HTML Sanitizer) 8 </TITLE> 9 10 11 <LINK REL ="stylesheet" TYPE="text/css" HREF="../../../stylesheet.css" TITLE="Style"> 12 13 <SCRIPT type="text/javascript"> 14 function windowTitle() 15 { 16 if (location.href.indexOf('is-external=true') == -1) { 17 parent.document.title="HtmlPolicyBuilder.AttributeBuilder (OWASP Java HTML Sanitizer)"; 18 } 19 } 20 </SCRIPT> 21 <NOSCRIPT> 22 </NOSCRIPT> 23 24 </HEAD> 25 26 <BODY BGCOLOR="white" onload="windowTitle();"> 27 <HR> 28 29 30 <!-- ========= START OF TOP NAVBAR ======= --> 31 <A NAME="navbar_top"><!-- --></A> 32 <A HREF="#skip-navbar_top" title="Skip navigation links"></A> 33 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 34 <TR> 35 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 36 <A NAME="navbar_top_firstrow"><!-- --></A> 37 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 38 <TR ALIGN="center" VALIGN="top"> 39 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 40 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> 41 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> 42 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/HtmlPolicyBuilder.AttributeBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> 43 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 44 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 45 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 46 </TR> 47 </TABLE> 48 </TD> 49 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 50 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 51 </TD> 52 </TR> 53 54 <TR> 55 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 56 <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><B>PREV CLASS</B></A> 57 <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><B>NEXT CLASS</B></A></FONT></TD> 58 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 59 <A HREF="../../../index.html?org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" target="_top"><B>FRAMES</B></A> 60 <A HREF="HtmlPolicyBuilder.AttributeBuilder.html" target="_top"><B>NO FRAMES</B></A> 61 <SCRIPT type="text/javascript"> 62 <!-- 63 if(window==top) { 64 document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>'); 65 } 66 //--> 67 </SCRIPT> 68 <NOSCRIPT> 69 <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A> 70 </NOSCRIPT> 71 72 73 </FONT></TD> 74 </TR> 75 <TR> 76 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> 77 SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> 78 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> 79 DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> 80 </TR> 81 </TABLE> 82 <A NAME="skip-navbar_top"></A> 83 <!-- ========= END OF TOP NAVBAR ========= --> 84 85 <HR> 86 <!-- ======== START OF CLASS DATA ======== --> 87 <H2> 88 <FONT SIZE="-1"> 89 org.owasp.html</FONT> 90 <BR> 91 Class HtmlPolicyBuilder.AttributeBuilder</H2> 92 <PRE> 93 java.lang.Object 94 <IMG SRC="../../../resources/inherit.gif" ALT="extended by "><B>org.owasp.html.HtmlPolicyBuilder.AttributeBuilder</B> 95 </PRE> 96 <DL> 97 <DT><B>Enclosing class:</B><DD><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></DD> 98 </DL> 99 <HR> 100 <DL> 101 <DT><PRE>public final class <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.html#line.634"><B>HtmlPolicyBuilder.AttributeBuilder</B></A><DT>extends java.lang.Object</DL> 102 </PRE> 103 104 <P> 105 Builds the relationship between attributes, the values that they may have, 106 and the elements on which they may appear. 107 <P> 108 109 <P> 110 <DL> 111 <DT><B>Author:</B></DT> 112 <DD>Mike Samuel</DD> 113 </DL> 114 <HR> 115 116 <P> 117 118 <!-- ========== METHOD SUMMARY =========== --> 119 120 <A NAME="method_summary"><!-- --></A> 121 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 122 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 123 <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 124 <B>Method Summary</B></FONT></TH> 125 </TR> 126 <TR BGCOLOR="white" CLASS="TableRowColor"> 127 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 128 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 129 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#globally()">globally</A></B>()</CODE> 130 131 <BR> 132 Allows the given attributes on any elements but filters the 133 attributes' values based on previous calls to <code>matching(...)</code>.</TD> 134 </TR> 135 <TR BGCOLOR="white" CLASS="TableRowColor"> 136 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 137 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A></CODE></FONT></TD> 138 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#matching(org.owasp.html.AttributePolicy)">matching</A></B>(<A HREF="../../../org/owasp/html/AttributePolicy.html" title="interface in org.owasp.html">AttributePolicy</A> policy)</CODE> 139 140 <BR> 141 Filters and/or transforms the attribute values 142 allowed by later <code>allow*</code> calls.</TD> 143 </TR> 144 <TR BGCOLOR="white" CLASS="TableRowColor"> 145 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 146 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A></CODE></FONT></TD> 147 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#matching(boolean, java.util.Set)">matching</A></B>(boolean ignoreCase, 148 java.util.Set<? extends java.lang.String> allowedValues)</CODE> 149 150 <BR> 151 Restrict the values allowed by later <code>allow*</code> calls to those 152 supplied.</TD> 153 </TR> 154 <TR BGCOLOR="white" CLASS="TableRowColor"> 155 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 156 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A></CODE></FONT></TD> 157 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#matching(boolean, java.lang.String...)">matching</A></B>(boolean ignoreCase, 158 java.lang.String... allowedValues)</CODE> 159 160 <BR> 161 Restrict the values allowed by later <code>allow*</code> calls to those 162 supplied.</TD> 163 </TR> 164 <TR BGCOLOR="white" CLASS="TableRowColor"> 165 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 166 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A></CODE></FONT></TD> 167 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#matching(java.util.regex.Pattern)">matching</A></B>(java.util.regex.Pattern pattern)</CODE> 168 169 <BR> 170 Restrict the values allowed by later <code>allow*</code> calls to those 171 matching the pattern.</TD> 172 </TR> 173 <TR BGCOLOR="white" CLASS="TableRowColor"> 174 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 175 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A></CODE></FONT></TD> 176 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#matching(com.google.common.base.Predicate)">matching</A></B>(com.google.common.base.Predicate<? super java.lang.String> filter)</CODE> 177 178 <BR> 179 Restrict the values allowed by later <code>allow*</code> calls to those 180 matching the given predicate.</TD> 181 </TR> 182 <TR BGCOLOR="white" CLASS="TableRowColor"> 183 <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 184 <CODE> <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 185 <TD><CODE><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#onElements(java.lang.String...)">onElements</A></B>(java.lang.String... elementNames)</CODE> 186 187 <BR> 188 Allows the named attributes on the given elements but filters the 189 attributes' values based on previous calls to <code>matching(...)</code>.</TD> 190 </TR> 191 </TABLE> 192 <A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A> 193 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 194 <TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor"> 195 <TH ALIGN="left"><B>Methods inherited from class java.lang.Object</B></TH> 196 </TR> 197 <TR BGCOLOR="white" CLASS="TableRowColor"> 198 <TD><CODE>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</CODE></TD> 199 </TR> 200 </TABLE> 201 202 <P> 203 204 <!-- ============ METHOD DETAIL ========== --> 205 206 <A NAME="method_detail"><!-- --></A> 207 <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 208 <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 209 <TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> 210 <B>Method Detail</B></FONT></TH> 211 </TR> 212 </TABLE> 213 214 <A NAME="matching(org.owasp.html.AttributePolicy)"><!-- --></A><H3> 215 matching</H3> 216 <PRE> 217 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.649"><B>matching</B></A>(<A HREF="../../../org/owasp/html/AttributePolicy.html" title="interface in org.owasp.html">AttributePolicy</A> policy)</PRE> 218 <DL> 219 <DD>Filters and/or transforms the attribute values 220 allowed by later <code>allow*</code> calls. 221 Multiple calls to <code>matching</code> are combined so that the policies 222 receive the value in order, each seeing the value after any 223 transformation by a previous policy. 224 <P> 225 <DD><DL> 226 </DL> 227 </DD> 228 </DL> 229 <HR> 230 231 <A NAME="matching(java.util.regex.Pattern)"><!-- --></A><H3> 232 matching</H3> 233 <PRE> 234 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.660"><B>matching</B></A>(java.util.regex.Pattern pattern)</PRE> 235 <DL> 236 <DD>Restrict the values allowed by later <code>allow*</code> calls to those 237 matching the pattern. 238 Multiple calls to <code>matching</code> are combined to restrict to the 239 intersection of possible matched values. 240 <P> 241 <DD><DL> 242 </DL> 243 </DD> 244 </DL> 245 <HR> 246 247 <A NAME="matching(com.google.common.base.Predicate)"><!-- --></A><H3> 248 matching</H3> 249 <PRE> 250 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.675"><B>matching</B></A>(com.google.common.base.Predicate<? super java.lang.String> filter)</PRE> 251 <DL> 252 <DD>Restrict the values allowed by later <code>allow*</code> calls to those 253 matching the given predicate. 254 Multiple calls to <code>matching</code> are combined to restrict to the 255 intersection of possible matched values. 256 <P> 257 <DD><DL> 258 </DL> 259 </DD> 260 </DL> 261 <HR> 262 263 <A NAME="matching(boolean, java.lang.String...)"><!-- --></A><H3> 264 matching</H3> 265 <PRE> 266 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.691"><B>matching</B></A>(boolean ignoreCase, 267 java.lang.String... allowedValues)</PRE> 268 <DL> 269 <DD>Restrict the values allowed by later <code>allow*</code> calls to those 270 supplied. 271 Multiple calls to <code>matching</code> are combined to restrict to the 272 intersection of possible matched values. 273 <P> 274 <DD><DL> 275 </DL> 276 </DD> 277 </DL> 278 <HR> 279 280 <A NAME="matching(boolean, java.util.Set)"><!-- --></A><H3> 281 matching</H3> 282 <PRE> 283 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder.AttributeBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.702"><B>matching</B></A>(boolean ignoreCase, 284 java.util.Set<? extends java.lang.String> allowedValues)</PRE> 285 <DL> 286 <DD>Restrict the values allowed by later <code>allow*</code> calls to those 287 supplied. 288 Multiple calls to <code>matching</code> are combined to restrict to the 289 intersection of possible matched values. 290 <P> 291 <DD><DL> 292 </DL> 293 </DD> 294 </DL> 295 <HR> 296 297 <A NAME="globally()"><!-- --></A><H3> 298 globally</H3> 299 <PRE> 300 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.726"><B>globally</B></A>()</PRE> 301 <DL> 302 <DD>Allows the given attributes on any elements but filters the 303 attributes' values based on previous calls to <code>matching(...)</code>. 304 Global attribute policies are applied after element specific policies. 305 Be careful of using this with attributes like <code>type</code> which 306 have different meanings on different attributes. 307 Also be careful of allowing globally attributes like <code>href</code> 308 which can have more far-reaching effects on tags like 309 <code><base></code> and <code><link></code> than on 310 <code><a></code> because in the former, they have an effect without 311 user interaction and can change the behavior of the current page. 312 <P> 313 <DD><DL> 314 </DL> 315 </DD> 316 </DL> 317 <HR> 318 319 <A NAME="onElements(java.lang.String...)"><!-- --></A><H3> 320 onElements</H3> 321 <PRE> 322 public <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A> <A HREF="../../../src-html/org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#line.735"><B>onElements</B></A>(java.lang.String... elementNames)</PRE> 323 <DL> 324 <DD>Allows the named attributes on the given elements but filters the 325 attributes' values based on previous calls to <code>matching(...)</code>. 326 <P> 327 <DD><DL> 328 </DL> 329 </DD> 330 </DL> 331 <!-- ========= END OF CLASS DATA ========= --> 332 <HR> 333 334 335 <!-- ======= START OF BOTTOM NAVBAR ====== --> 336 <A NAME="navbar_bottom"><!-- --></A> 337 <A HREF="#skip-navbar_bottom" title="Skip navigation links"></A> 338 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 339 <TR> 340 <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 341 <A NAME="navbar_bottom_firstrow"><!-- --></A> 342 <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 343 <TR ALIGN="center" VALIGN="top"> 344 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 345 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> 346 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> 347 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/HtmlPolicyBuilder.AttributeBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> 348 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 349 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 350 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 351 </TR> 352 </TABLE> 353 </TD> 354 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 355 <a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 356 </TD> 357 </TR> 358 359 <TR> 360 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 361 <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><B>PREV CLASS</B></A> 362 <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><B>NEXT CLASS</B></A></FONT></TD> 363 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 364 <A HREF="../../../index.html?org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html" target="_top"><B>FRAMES</B></A> 365 <A HREF="HtmlPolicyBuilder.AttributeBuilder.html" target="_top"><B>NO FRAMES</B></A> 366 <SCRIPT type="text/javascript"> 367 <!-- 368 if(window==top) { 369 document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>'); 370 } 371 //--> 372 </SCRIPT> 373 <NOSCRIPT> 374 <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A> 375 </NOSCRIPT> 376 377 378 </FONT></TD> 379 </TR> 380 <TR> 381 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> 382 SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> 383 <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> 384 DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> 385 </TR> 386 </TABLE> 387 <A NAME="skip-navbar_bottom"></A> 388 <!-- ======== END OF BOTTOM NAVBAR ======= --> 389 390 <HR> 391 392 </BODY> 393 </HTML> 394
