java.lang.Object
  org.owasp.html.PolicyFactory

@ThreadSafe @Immutable public final class PolicyFactory

A factory that can be used to link a sanitizer to an output receiver and that
provides a convenient sanitize method and an and method to compose
policies.
| Method Summary | | |
|---|---|---|
| PolicyFactory | and(PolicyFactory f) | Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name. |
| HtmlSanitizer.Policy | apply(HtmlStreamEventReceiver out) | Produces a sanitizer that emits tokens to out. |
| <CTX> HtmlSanitizer.Policy | apply(HtmlStreamEventReceiver out, HtmlChangeListener<CTX> listener, CTX context) | Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes. |
| java.lang.String | sanitize(java.lang.String html) | A convenience function that sanitizes a string of HTML. |
| <CTX> java.lang.String | sanitize(java.lang.String html, HtmlChangeListener<CTX> listener, CTX context) | A convenience function that sanitizes a string of HTML and reports the names of rejected elements and attributes to listener. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface com.google.common.base.Function |
|---|
equals |
| Method Detail |
|---|

public HtmlSanitizer.Policy apply(@Nonnull HtmlStreamEventReceiver out)

Produces a sanitizer that emits tokens to out.

Specified by:
apply in interface com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

public <CTX> HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out,
                                        @Nullable HtmlChangeListener<CTX> listener,
                                        @Nullable CTX context)

Produces a sanitizer that emits tokens to out and that notifies
any listener of any dropped tags and attributes.

Parameters:
out - a renderer that receives approved tokens only.
listener - if non-null, receives notifications of tags and attributes
that were rejected by the policy. This may tie into intrusion
detection systems.
context - if (listener != null) then the context value passed
with notifications. This can be used to let the listener know from
which connection or request the questionable HTML was received.

public java.lang.String sanitize(@Nullable java.lang.String html)

A convenience function that sanitizes a string of HTML.

public <CTX> java.lang.String sanitize(@Nullable java.lang.String html,
                                       @Nullable HtmlChangeListener<CTX> listener,
                                       @Nullable CTX context)

A convenience function that sanitizes a string of HTML and reports the names of rejected elements and attributes to listener.

Parameters:
html - the string of HTML to sanitize.
listener - if non-null, receives notifications of tags and attributes
that were rejected by the policy. This may tie into intrusion
detection systems.
context - if (listener != null) then the context value passed
with notifications. This can be used to let the listener know from
which connection or request the questionable HTML was received.

public PolicyFactory and(PolicyFactory f)

Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
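
The following is an added example, not part of the original Javadoc or the project's own code. It composes two policies with and() and passes a request identifier as the context so the listener can attribute rejected markup to its source. The class name, the request id, and the sample input are constructed for illustration; HtmlPolicyBuilder comes from the same library but is not documented on this page.

```java
import java.util.ArrayList;
import java.util.List;

import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class PolicyFactoryExample {
  // Two narrow policies; and() yields a factory granting the union of both.
  static final PolicyFactory FORMATTING = new HtmlPolicyBuilder()
      .allowElements("b", "i", "p")
      .toFactory();
  static final PolicyFactory LINKS = new HtmlPolicyBuilder()
      .allowElements("a")
      .allowAttributes("href").onElements("a")
      .allowStandardUrlProtocols()
      .toFactory();
  static final PolicyFactory POLICY = FORMATTING.and(LINKS);

  // Records what the policy rejected, tagged with the context value
  // (here a request id) that was handed to sanitize().
  static final class AuditListener implements HtmlChangeListener<String> {
    final List<String> events = new ArrayList<>();

    @Override
    public void discardedTag(String requestId, String elementName) {
      events.add(requestId + " dropped <" + elementName + ">");
    }

    @Override
    public void discardedAttributes(String requestId, String tagName,
                                    String... attributeNames) {
      events.add(requestId + " dropped " + String.join(",", attributeNames)
          + " on <" + tagName + ">");
    }
  }

  public static void main(String[] args) {
    // Constructed sample input; "req-1234" is a hypothetical request id.
    String untrusted = "<p onclick=\"x()\">Hi <b>there</b> "
        + "<a href=\"https://example.com/\">link</a><script>x()</script></p>";
    AuditListener listener = new AuditListener();
    String safe = POLICY.sanitize(untrusted, listener, "req-1234");
    System.out.println(safe);
    // In production, forward these events to logging or detection tooling.
    listener.events.forEach(System.out::println);
  }
}
```

PolicyFactory is immutable and thread-safe, so the composed POLICY can be shared across requests; the listener here holds mutable state and should be created per request.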