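<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<!--
  Javadoc page for org.owasp.html.PolicyFactory (OWASP Java HTML Sanitizer).
  Changes in this revision: listing line numbers removed from the markup;
  generic type parameters and the author's e-mail address written with
  &lt; / &gt; so they are not parsed as tags; attribute values quoted; the
  mis-nested dl/pre and code/table markup repaired; anchors and link
  targets left exactly as generated so inbound links keep working.
-->
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>PolicyFactory (OWASP Java HTML Sanitizer)</title>
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
<script type="text/javascript">
// Sets the title of the enclosing frameset unless the page was opened as an
// external link. The URL is only inspected; the value assigned is a constant
// string, so nothing taken from the URL reaches the document.
function windowTitle()
{
    if (location.href.indexOf('is-external=true') == -1) {
        parent.document.title="PolicyFactory (OWASP Java HTML Sanitizer)";
    }
}
</script>
<noscript>
</noscript>
</head>

<body bgcolor="white" onload="windowTitle();">
<hr>

<!-- ========= START OF TOP NAVBAR ======= -->
<a name="navbar_top"><!-- --></a>
<a href="#skip-navbar_top" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
<tr>
<td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
<a name="navbar_top_firstrow"><!-- --></a>
<table border="0" cellpadding="0" cellspacing="3" summary="">
  <tr align="center" valign="top">
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a>&nbsp;</td>
  <td bgcolor="#FFFFFF" class="NavBarCell1Rev">&nbsp;<font class="NavBarFont1Rev"><b>Class</b></font>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="class-use/PolicyFactory.html"><font class="NavBarFont1"><b>Use</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a>&nbsp;</td>
  </tr>
</table>
</td>
<td align="right" valign="top" rowspan="3"><em>
<a href="https://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
</td>
</tr>

<tr>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
&nbsp;<a href="../../../org/owasp/html/HtmlTextEscapingMode.html" title="enum in org.owasp.html"><b>PREV CLASS</b></a>&nbsp;
&nbsp;<a href="../../../org/owasp/html/Sanitizers.html" title="class in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../index.html?org/owasp/html/PolicyFactory.html" target="_top"><b>FRAMES</b></a> &nbsp;
&nbsp;<a href="PolicyFactory.html" target="_top"><b>NO FRAMES</b></a> &nbsp;
&nbsp;<script type="text/javascript">
  <!--
  if(window==top) {
    document.writeln('<a href="../../../allclasses-noframe.html"><b>All Classes</b></a>');
  }
  //-->
</script>
<noscript>
  <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
</noscript>
</font></td>
</tr>
<tr>
<td valign="top" class="NavBarCell3"><font size="-2">
  SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<a href="#method_summary">METHOD</a></font></td>
<td valign="top" class="NavBarCell3"><font size="-2">
DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<a href="#method_detail">METHOD</a></font></td>
</tr>
</table>
<a name="skip-navbar_top"></a>
<!-- ========= END OF TOP NAVBAR ========= -->

<hr>
<!-- ======== START OF CLASS DATA ======== -->
<h2>
<font size="-1">org.owasp.html</font>
<br>
Class PolicyFactory</h2>
<pre>
java.lang.Object
  <img src="../../../resources/inherit.gif" alt="extended by "><b>org.owasp.html.PolicyFactory</b>
</pre>
<dl>
<dt><b>All Implemented Interfaces:</b></dt>
<dd>com.google.common.base.Function&lt;<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>,<a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a>&gt;</dd>
</dl>
<hr>
<dl>
<dt><pre><font size="-1">@ThreadSafe
@Immutable
</font>public final class <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.53"><b>PolicyFactory</b></a>
extends java.lang.Object
implements com.google.common.base.Function&lt;<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>,<a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a>&gt;</pre></dt>
</dl>

<p>
A factory that can be used to link a sanitizer to an output receiver and that
 provides a convenient <a href="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String)"><code>sanitize</code></a>
 method and a <a href="../../../org/owasp/html/PolicyFactory.html#and(org.owasp.html.PolicyFactory)"><code>and</code></a> method to compose
 policies.
</p>

<dl>
<dt><b>Author:</b></dt>
  <dd>Mike Samuel &lt;mikesamuel@gmail.com&gt;</dd>
</dl>
<hr>

<!-- ========== METHOD SUMMARY =========== -->

<a name="method_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#CCCCFF" class="TableHeadingColor">
<th align="left" colspan="2"><font size="+2">
<b>Method Summary</b></font></th>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>&nbsp;<a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/PolicyFactory.html#and(org.owasp.html.PolicyFactory)">and</a></b>(<a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a>&nbsp;f)</code>

<br>
          Produces a factory that allows the union of the grants, and intersects
 policies where they overlap on a particular granted attribute or element
 name.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>&nbsp;<a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/PolicyFactory.html#apply(org.owasp.html.HtmlStreamEventReceiver)">apply</a></b>(<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>&nbsp;out)</code>

<br>
          Produces a sanitizer that emits tokens to <code>out</code>.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<!-- The generated page wrapped this cell's text in a table nested inside
     <code>; a nowrap cell gives the same single-line layout with valid nesting. -->
<td align="right" valign="top" width="1%" nowrap><font size="-1">
<code>&lt;CTX&gt;&nbsp;<a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/PolicyFactory.html#apply(org.owasp.html.HtmlStreamEventReceiver, org.owasp.html.HtmlChangeListener, CTX)">apply</a></b>(<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>&nbsp;out,
      <a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener</a>&lt;CTX&gt;&nbsp;listener,
      CTX&nbsp;context)</code>

<br>
          Produces a sanitizer that emits tokens to <code>out</code> and that notifies
 any <code>listener</code> of any dropped tags and attributes.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>&nbsp;java.lang.String</code></font></td>
<td><code><b><a href="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String)">sanitize</a></b>(java.lang.String&nbsp;html)</code>

<br>
          A convenience function that sanitizes a string of HTML.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%" nowrap><font size="-1">
<code>&lt;CTX&gt;&nbsp;java.lang.String</code></font></td>
<td><code><b><a href="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String, org.owasp.html.HtmlChangeListener, CTX)">sanitize</a></b>(java.lang.String&nbsp;html,
         <a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener</a>&lt;CTX&gt;&nbsp;listener,
         CTX&nbsp;context)</code>

<br>
          A convenience function that sanitizes a string of HTML and reports
 the names of rejected elements and attributes to <code>listener</code>.</td>
</tr>
</table>
&nbsp;<a name="methods_inherited_from_class_java.lang.Object"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#EEEEFF" class="TableSubHeadingColor">
<th align="left"><b>Methods inherited from class java.lang.Object</b></th>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td><code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></td>
</tr>
</table>
&nbsp;<a name="methods_inherited_from_class_com.google.common.base.Function"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#EEEEFF" class="TableSubHeadingColor">
<th align="left"><b>Methods inherited from interface com.google.common.base.Function</b></th>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td><code>equals</code></td>
</tr>
</table>
&nbsp;

<!-- ============ METHOD DETAIL ========== -->

<a name="method_detail"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#CCCCFF" class="TableHeadingColor">
<th align="left" colspan="1"><font size="+2">
<b>Method Detail</b></font></th>
</tr>
</table>

<a name="apply(org.owasp.html.HtmlStreamEventReceiver)"><!-- --></a>
<h3>apply</h3>
<pre>
public <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a> <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.70"><b>apply</b></a>(<font size="-1">@Nonnull</font>
                                  <a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>&nbsp;out)</pre>
<dl>
<dd><p>Produces a sanitizer that emits tokens to <code>out</code>.</p>
<dl>
<dt><b>Specified by:</b></dt>
<dd><code>apply</code> in interface <code>com.google.common.base.Function&lt;<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>,<a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a>&gt;</code></dd>
</dl>
</dd>
</dl>
<hr>

<a name="apply(org.owasp.html.HtmlStreamEventReceiver,org.owasp.html.HtmlChangeListener,java.lang.Object)"><!-- --></a><a name="apply(org.owasp.html.HtmlStreamEventReceiver, org.owasp.html.HtmlChangeListener, CTX)"><!-- --></a>
<h3>apply</h3>
<pre>
public &lt;CTX&gt; <a href="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</a> <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.86"><b>apply</b></a>(<a href="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</a>&nbsp;out,
                                        <font size="-1">@Nullable</font>
                                        <a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener</a>&lt;CTX&gt;&nbsp;listener,
                                        <font size="-1">@Nullable</font>
                                        CTX&nbsp;context)</pre>
<!-- NOTE(review): the tag and attribute names passed to the listener come from
     the HTML being sanitized, so they are presumably attacker-influenced;
     confirm in the source, and encode them before writing them to logs or
     to a monitoring system. -->
<dl>
<dd><p>Produces a sanitizer that emits tokens to <code>out</code> and that notifies
 any <code>listener</code> of any dropped tags and attributes.</p>
<dl>
<dt><b>Parameters:</b></dt>
<dd><code>out</code> - a renderer that receives approved tokens only.</dd>
<dd><code>listener</code> - if non-null, receives notifications of tags and attributes
     that were rejected by the policy.  This may tie into intrusion
     detection systems.</dd>
<dd><code>context</code> - if <code>(listener != null)</code> then the context value passed
     with notifications.  This can be used to let the listener know from
     which connection or request the questionable HTML was received.</dd>
</dl>
</dd>
</dl>
<hr>

<a name="sanitize(java.lang.String)"><!-- --></a>
<h3>sanitize</h3>
<pre>
public java.lang.String <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.100"><b>sanitize</b></a>(<font size="-1">@Nullable</font>
                                 java.lang.String&nbsp;html)</pre>
<!-- NOTE(review): html is annotated @Nullable, but this page does not say what
     is returned for a null argument; check the linked source before relying
     on a particular result. -->
<dl>
<dd><p>A convenience function that sanitizes a string of HTML.</p>
</dd>
</dl>
<hr>

<a name="sanitize(java.lang.String,org.owasp.html.HtmlChangeListener,java.lang.Object)"><!-- --></a><a name="sanitize(java.lang.String, org.owasp.html.HtmlChangeListener, CTX)"><!-- --></a>
<h3>sanitize</h3>
<pre>
public &lt;CTX&gt; java.lang.String <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.116"><b>sanitize</b></a>(<font size="-1">@Nullable</font>
                                       java.lang.String&nbsp;html,
                                       <font size="-1">@Nullable</font>
                                       <a href="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener</a>&lt;CTX&gt;&nbsp;listener,
                                       <font size="-1">@Nullable</font>
                                       CTX&nbsp;context)</pre>
<dl>
<dd><p>A convenience function that sanitizes a string of HTML and reports
 the names of rejected elements and attributes to <code>listener</code>.</p>
<dl>
<dt><b>Parameters:</b></dt>
<dd><code>html</code> - the string of HTML to sanitize.</dd>
<dd><code>listener</code> - if non-null, receives notifications of tags and attributes
     that were rejected by the policy.  This may tie into intrusion
     detection systems.</dd>
<dd><code>context</code> - if <code>(listener != null)</code> then the context value passed
     with notifications.  This can be used to let the listener know from
     which connection or request the questionable HTML was received.</dd>
<dt><b>Returns:</b></dt>
<dd>a string of HTML that complies with this factory's policy.</dd>
</dl>
</dd>
</dl>
<hr>

<a name="and(org.owasp.html.PolicyFactory)"><!-- --></a>
<h3>and</h3>
<pre>
public <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/PolicyFactory.html#line.133"><b>and</b></a>(<a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a>&nbsp;f)</pre>
<!-- NOTE(review): "union of the grants" means the composed factory permits
     every element and attribute name that either factory grants; only names
     granted by both are narrowed, by intersecting their policies. Composition
     therefore widens the allowed set, so review the combined policy as a
     whole rather than each factory on its own. -->
<dl>
<dd><p>Produces a factory that allows the union of the grants, and intersects
 policies where they overlap on a particular granted attribute or element
 name.</p>
</dd>
</dl>
<!-- ========= END OF CLASS DATA ========= -->
<hr>

<!-- ======= START OF BOTTOM NAVBAR ====== -->
<a name="navbar_bottom"><!-- --></a>
<a href="#skip-navbar_bottom" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
<tr>
<td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
<a name="navbar_bottom_firstrow"><!-- --></a>
<table border="0" cellpadding="0" cellspacing="3" summary="">
  <tr align="center" valign="top">
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a>&nbsp;</td>
  <td bgcolor="#FFFFFF" class="NavBarCell1Rev">&nbsp;<font class="NavBarFont1Rev"><b>Class</b></font>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="class-use/PolicyFactory.html"><font class="NavBarFont1"><b>Use</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a>&nbsp;</td>
  <td bgcolor="#EEEEFF" class="NavBarCell1">&nbsp;<a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a>&nbsp;</td>
  </tr>
</table>
</td>
<td align="right" valign="top" rowspan="3"><em>
<a href="https://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
</td>
</tr>

<tr>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
&nbsp;<a href="../../../org/owasp/html/HtmlTextEscapingMode.html" title="enum in org.owasp.html"><b>PREV CLASS</b></a>&nbsp;
&nbsp;<a href="../../../org/owasp/html/Sanitizers.html" title="class in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../index.html?org/owasp/html/PolicyFactory.html" target="_top"><b>FRAMES</b></a> &nbsp;
&nbsp;<a href="PolicyFactory.html" target="_top"><b>NO FRAMES</b></a> &nbsp;
&nbsp;<script type="text/javascript">
  <!--
  if(window==top) {
    document.writeln('<a href="../../../allclasses-noframe.html"><b>All Classes</b></a>');
  }
  //-->
</script>
<noscript>
  <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
</noscript>
</font></td>
</tr>
<tr>
<td valign="top" class="NavBarCell3"><font size="-2">
  SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<a href="#method_summary">METHOD</a></font></td>
<td valign="top" class="NavBarCell3"><font size="-2">
DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<a href="#method_detail">METHOD</a></font></td>
</tr>
</table>
<a name="skip-navbar_bottom"></a>
<!-- ======== END OF BOTTOM NAVBAR ======= -->

<hr>

</body>
</html>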