Overview  Package   Class  Use  Tree  Deprecated  Index 
code.google.com home
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.owasp.html
Class PolicyFactory

java.lang.Object
  extended by org.owasp.html.PolicyFactory
All Implemented Interfaces:
com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>
@ThreadSafe
@Immutable
public final class PolicyFactory
extends java.lang.Object
implements com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

A factory that can be used to link a sanitizer to an output receiver and that provides a convenient sanitize method and a and method to compose policies.

Author:
Mike Samuel

Method Summary
 PolicyFactory and(PolicyFactory f)
          Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
 HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out)
          Produces a sanitizer that emits tokens to out.
<CTX> HtmlSanitizer.Policy
apply(HtmlStreamEventReceiver out, HtmlChangeListener<CTX> listener, CTX context)
          Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.
 java.lang.String sanitize(java.lang.String html)
          A convenience function that sanitizes a string of HTML.
<CTX> java.lang.String
sanitize(java.lang.String html, HtmlChangeListener<CTX> listener, CTX context)
          A convenience function that sanitizes a string of HTML and reports the names of rejected element and attributes to listener.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.google.common.base.Function
equals
 

Method Detail

apply

public HtmlSanitizer.Policy apply(@Nonnull
                                  HtmlStreamEventReceiver out)
Produces a sanitizer that emits tokens to out.

Specified by:
apply in interface com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

apply

public <CTX> HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out,
                                        @Nullable
                                        HtmlChangeListener<CTX> listener,
                                        @Nullable
                                        CTX context)
Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.

Parameters:
out - a renderer that receives approved tokens only.
listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.
context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.

sanitize

public java.lang.String sanitize(@Nullable
                                 java.lang.String html)
A convenience function that sanitizes a string of HTML.

sanitize

public <CTX> java.lang.String sanitize(@Nullable
                                       java.lang.String html,
                                       @Nullable
                                       HtmlChangeListener<CTX> listener,
                                       @Nullable
                                       CTX context)
A convenience function that sanitizes a string of HTML and reports the names of rejected element and attributes to listener.

Parameters:
html - the string of HTML to sanitize.
listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.
context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.
Returns:
a string of HTML that complies with this factory's policy.

and

public PolicyFactory and(PolicyFactory f)
Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.

Overview  Package   Class  Use  Tree  Deprecated  Index 
code.google.com home
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD