1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 2<!--NewPage--> 3<HTML> 4<HEAD> 5<META http-equiv="Content-Type" content="text/html; charset=UTF-8"> 6<TITLE> 7SlashdotPolicyExample (OWASP Java HTML Sanitizer) 8</TITLE> 9 10 11<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style"> 12 13<SCRIPT type="text/javascript"> 14function windowTitle() 15{ 16 if (location.href.indexOf('is-external=true') == -1) { 17 parent.document.title="SlashdotPolicyExample (OWASP Java HTML Sanitizer)"; 18 } 19} 20</SCRIPT> 21<NOSCRIPT> 22</NOSCRIPT> 23 24</HEAD> 25 26<BODY BGCOLOR="white" onload="windowTitle();"> 27<HR> 28 29 
84 85<HR> 86<!-- ======== START OF CLASS DATA ======== --> 87<H2> 88<FONT SIZE="-1"> 89org.owasp.html.examples</FONT> 90<BR> 91Class SlashdotPolicyExample</H2> 92<PRE> 93java.lang.Object 94 <IMG SRC="../../../../resources/inherit.gif" ALT="extended by 
"><B>org.owasp.html.examples.SlashdotPolicyExample</B> 95</PRE> 96<HR> 97<DL> 98<DT><PRE>public class <A HREF="../../../../src-html/org/owasp/html/examples/SlashdotPolicyExample.html#line.64"><B>SlashdotPolicyExample</B></A><DT>extends java.lang.Object</DL> 99</PRE> 100 101<P> 102Based on the 103 <a href="http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">AntiSamy Slashdot example</a>. 104 <blockquote> 105 Slashdot (http://www.slashdot.org/) is a techie news site that allows users 106 to respond anonymously to news posts with very limited HTML markup. Now 107 Slashdot is not only one of the coolest sites around, it's also one that's 108 been subject to many different successful attacks. Even more unfortunate is 109 the fact that most of the attacks led users to the infamous goatse.cx picture 110 (please don't go look it up). The rules for Slashdot are fairly strict: users 111 can only submit the following HTML tags and no CSS: <code>&lt;b&gt;</code>, <code>&lt;u&gt;</code>, 112 <code>&lt;i&gt;</code>, <code>&lt;a&gt;</code>, <code>&lt;blockquote&gt;</code>. 113 <br> 114 Accordingly, we've built a policy file that allows fairly similar 115 functionality. All text-formatting tags that operate directly on the font, 116 color or emphasis have been allowed. 
117 </blockquote> 118<P> 119 120<P> 121<HR> 122 123<P> 124<!-- =========== FIELD SUMMARY =========== --> 125 126<A NAME="field_summary"><!-- --></A> 127<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 128<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 129<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 130<B>Field Summary</B></FONT></TH> 131</TR> 132<TR BGCOLOR="white" CLASS="TableRowColor"> 133<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 134<CODE>static com.google.common.base.Function<<A HREF="../../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A>,<A HREF="../../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</A>></CODE></FONT></TD> 135<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/SlashdotPolicyExample.html#POLICY_DEFINITION">POLICY_DEFINITION</A></B></CODE> 136 137<BR> 138 A policy definition that matches the minimal HTML that Slashdot allows.</TD> 139</TR> 140</TABLE> 141 142<!-- ======== CONSTRUCTOR SUMMARY ======== --> 143 144<A NAME="constructor_summary"><!-- --></A> 145<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 146<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 147<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 148<B>Constructor Summary</B></FONT></TH> 149</TR> 150<TR BGCOLOR="white" CLASS="TableRowColor"> 151<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/SlashdotPolicyExample.html#SlashdotPolicyExample()">SlashdotPolicyExample</A></B>()</CODE> 152 153<BR> 154 </TD> 155</TR> 156</TABLE> 157 158<!-- ========== METHOD SUMMARY =========== --> 159 160<A NAME="method_summary"><!-- --></A> 161<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 162<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 163<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 164<B>Method Summary</B></FONT></TH> 165</TR> 166<TR BGCOLOR="white" 
CLASS="TableRowColor"> 167<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 168<CODE>static void</CODE></FONT></TD> 169<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/SlashdotPolicyExample.html#main(java.lang.String[])">main</A></B>(java.lang.String[] args)</CODE> 170 171<BR> 172 </TD> 173</TR> 174</TABLE> 175 <A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A> 176<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 177<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor"> 178<TH ALIGN="left"><B>Methods inherited from class java.lang.Object</B></TH> 179</TR> 180<TR BGCOLOR="white" CLASS="TableRowColor"> 181<TD><CODE>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</CODE></TD> 182</TR> 183</TABLE> 184 185<P> 186 187<!-- ============ FIELD DETAIL =========== --> 188 189<A NAME="field_detail"><!-- --></A> 190<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 191<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 192<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> 193<B>Field Detail</B></FONT></TH> 194</TR> 195</TABLE> 196 197<A NAME="POLICY_DEFINITION"><!-- --></A><H3> 198POLICY_DEFINITION</H3> 199<PRE> 200public static final com.google.common.base.Function<<A HREF="../../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A>,<A HREF="../../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</A>> <A HREF="../../../../src-html/org/owasp/html/examples/SlashdotPolicyExample.html#line.68"><B>POLICY_DEFINITION</B></A></PRE> 201<DL> 202<DD>A policy definition that matches the minimal HTML that Slashdot allows. 
203<P> 204<DL> 205</DL> 206</DL> 207 208<!-- ========= CONSTRUCTOR DETAIL ======== --> 209 210<A NAME="constructor_detail"><!-- --></A> 211<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 212<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 213<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> 214<B>Constructor Detail</B></FONT></TH> 215</TR> 216</TABLE> 217 218<A NAME="SlashdotPolicyExample()"><!-- --></A><H3> 219SlashdotPolicyExample</H3> 220<PRE> 221public <A HREF="../../../../src-html/org/owasp/html/examples/SlashdotPolicyExample.html#line.64"><B>SlashdotPolicyExample</B></A>()</PRE> 222<DL> 223</DL> 224 225<!-- ============ METHOD DETAIL ========== --> 226 227<A NAME="method_detail"><!-- --></A> 228<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 229<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 230<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> 231<B>Method Detail</B></FONT></TH> 232</TR> 233</TABLE> 234 235<A NAME="main(java.lang.String[])"><!-- --></A><H3> 236main</H3> 237<PRE> 238public static void <A HREF="../../../../src-html/org/owasp/html/examples/SlashdotPolicyExample.html#line.92"><B>main</B></A>(java.lang.String[] args) 239 throws java.io.IOException</PRE> 240<DL> 241<DD><DL> 242 243<DT><B>Throws:</B> 244<DD><CODE>java.io.IOException</CODE></DL> 245</DD> 246</DL> 247<!-- ========= END OF CLASS DATA ========= --> 248<HR> 249 250 
305 306<HR> 307 308</BODY> 309</HTML> 310