A

allowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Returns an object that lets you associate policies with the given attributes, and allow them globally or on specific elements.

allowCommonBlockElements() - Method in class org.owasp.html.HtmlPolicyBuilder

A canned policy that allows a number of common block elements.

allowCommonInlineFormattingElements() - Method in class org.owasp.html.HtmlPolicyBuilder

A canned policy that allows a number of common formatting elements.

allowedProperties() - Method in class org.owasp.html.CssSchema

The set of CSS properties allowed by this schema.

allowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Allows the named elements.

allowElements(ElementPolicy, String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Allow the given elements with the given policy.

allowProtocolRelativeUrls() - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy

 

allowsEscapingTextSpan(String) - Static method in enum org.owasp.html.HtmlTextEscapingMode

True iff the content following the given tag allows escaping text spans: <!--&hellip;--> that escape even things that might be an end tag for the corresponding open tag.

allowStandardUrlProtocols() - Method in class org.owasp.html.HtmlPolicyBuilder

A canned URL protocol policy that allows http, https, and mailto.

allowStyling() - Method in class org.owasp.html.HtmlPolicyBuilder

Convert style="<CSS>" to sanitized CSS which allows color, font-size, type-face, and other styling using the default schema; but which does not allow content to escape its clipping context.

allowStyling(CssSchema) - Method in class org.owasp.html.HtmlPolicyBuilder

Convert style="<CSS>" to sanitized CSS which allows color, font-size, type-face, and other styling using the given schema.

allowTextIn(String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Allows text content in the named elements.

allowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Adds to the set of protocols that are allowed in URL attributes.

allowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder

Assuming the given elements are allowed, allows them to appear without attributes.

and(PolicyFactory) - Method in class org.owasp.html.PolicyFactory

Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.

apply(String, String, String) - Method in interface org.owasp.html.AttributePolicy

 

apply(String, List<String>) - Method in interface org.owasp.html.ElementPolicy

 

apply(String, String, String) - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy

 

apply(HtmlStreamEventReceiver) - Method in class org.owasp.html.PolicyFactory

Produces a sanitizer that emits tokens to out.

apply(HtmlStreamEventReceiver, HtmlChangeListener<CTX>, CTX) - Method in class org.owasp.html.PolicyFactory

Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.

AttributePolicy - Interface in org.owasp.html

A policy that can be applied to an HTML attribute to decide whether or not to allow it in the output, possibly after transforming its value.

AttributePolicy.Util - Class in org.owasp.html

Utilities for working with attribute policies.

AttributePolicy.Util() - Constructor for class org.owasp.html.AttributePolicy.Util