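<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<!--
  Javadoc class page for org.owasp.html.Sanitizers. It lists the pre-packaged
  PolicyFactory constants (FORMATTING, BLOCKS, STYLES, LINKS, IMAGES) and shows
  how to apply and chain them.

  Tag names shown in samples and descriptions are written as &lt;...&gt;
  entities so the browser displays them as text instead of parsing them as
  elements. Nothing precedes the doctype, so the page stays in standards mode.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Sanitizers (OWASP Java HTML Sanitizer)</title>

<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">

<script type="text/javascript">
// Sets the title of the enclosing frameset unless this page was opened as an
// external link (the URL then carries is-external=true).
function windowTitle()
{
    if (location.href.indexOf('is-external=true') == -1) {
        parent.document.title="Sanitizers (OWASP Java HTML Sanitizer)";
    }
}
</script>
<noscript>
</noscript>

</head>

<body bgcolor="white" onload="windowTitle();">
<hr>

<!-- ========= START OF TOP NAVBAR ======= -->
<a name="navbar_top"><!-- --></a>
<a href="#skip-navbar_top" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
<tr>
<td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
<a name="navbar_top_firstrow"><!-- --></a>
<table border="0" cellpadding="0" cellspacing="3" summary="">
  <tr align="center" valign="top">
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a> </td>
  <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Class</b></font> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="class-use/Sanitizers.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
  </tr>
</table>
</td>
<td align="right" valign="top" rowspan="3"><em>
<a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
</td>
</tr>

<tr>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html"><b>PREV CLASS</b></a>
  <a href="../../../org/owasp/html/TagBalancingHtmlStreamEventReceiver.html" title="class in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../index.html?org/owasp/html/Sanitizers.html" target="_top"><b>FRAMES</b></a>
  <a href="Sanitizers.html" target="_top"><b>NO FRAMES</b></a>
  <script type="text/javascript">
  <!--
  if(window==top) {
    document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
  }
  //-->
</script>
<noscript>
  <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
</noscript>
</font></td>
</tr>
<tr>
<td valign="top" class="NavBarCell3"><font size="-2">
  SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | CONSTR | <a href="#methods_inherited_from_class_java.lang.Object">METHOD</a></font></td>
<td valign="top" class="NavBarCell3"><font size="-2">
DETAIL: <a href="#field_detail">FIELD</a> | CONSTR | METHOD</font></td>
</tr>
</table>
<a name="skip-navbar_top"></a>
<!-- ========= END OF TOP NAVBAR ========= -->

<hr>
<!-- ======== START OF CLASS DATA ======== -->
<h2>
<font size="-1">
org.owasp.html</font>
<br>
Class Sanitizers</h2>
<pre>
java.lang.Object
  <img src="../../../resources/inherit.gif" alt="extended by "><b>org.owasp.html.Sanitizers</b>
</pre>
<hr>
<!-- The declaration is one <pre> inside one <dt>, so the list and the
     preformatted block close in the order they were opened. -->
<dl>
<dt><pre>public final class <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.53"><b>Sanitizers</b></a>
extends java.lang.Object</pre></dt>
</dl>

<p>
Pre-packaged HTML sanitizer policies.
</p>

<p>
These policies can be used to sanitize content.
</p>
<!-- The sample strings are escaped: the reader should see the literal tags
     that are being passed to sanitize(). -->
<pre>
Sanitizers.FORMATTING.sanitize(<code>"&lt;b&gt;Hello, World!&lt;/b&gt;"</code>)
</pre>
and can be chained
<!-- NOTE(review): and() combines policies, so the chained result permits
     what either operand permits. Chain only the presets the output context
     needs. -->
<pre>
PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
System.out.println(sanitizer.sanitize(<code>"&lt;p&gt;Hello, &lt;b&gt;World!&lt;/b&gt;"</code>));
</pre>

<p>
For more fine-grained control over sanitization, use
<a href="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><code>HtmlPolicyBuilder</code></a>.
</p>

<dl>
<dt><b>Author:</b></dt>
  <dd>Mike Samuel &lt;mikesamuel@gmail.com&gt;</dd>
</dl>
<hr>

<!-- =========== FIELD SUMMARY =========== -->

<a name="field_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#CCCCFF" class="TableHeadingColor">
<th align="left" colspan="2"><font size="+2">
<b>Field Summary</b></font></th>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>static <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/Sanitizers.html#BLOCKS">BLOCKS</a></b></code>
<br>
Allows common block elements including <code>&lt;p&gt;</code>,
<code>&lt;h1&gt;</code>, etc.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>static <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/Sanitizers.html#FORMATTING">FORMATTING</a></b></code>
<br>
Allows common formatting elements including <code>&lt;b&gt;</code>, <code>&lt;i&gt;</code>, etc.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>static <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/Sanitizers.html#IMAGES">IMAGES</a></b></code>
<br>
Allows <code>&lt;img&gt;</code> elements from HTTP, HTTPS, and relative sources.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>static <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/Sanitizers.html#LINKS">LINKS</a></b></code>
<br>
Allows HTTP, HTTPS, MAILTO, and relative links.</td>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td align="right" valign="top" width="1%"><font size="-1">
<code>static <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></font></td>
<td><code><b><a href="../../../org/owasp/html/Sanitizers.html#STYLES">STYLES</a></b></code>
<br>
Allows certain safe CSS properties in <code>style="..."</code> attributes.</td>
</tr>
</table>

<!-- ========== METHOD SUMMARY =========== -->

<a name="method_summary"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#CCCCFF" class="TableHeadingColor">
<th align="left" colspan="2"><font size="+2">
<b>Method Summary</b></font></th>
</tr>
</table>
<a name="methods_inherited_from_class_java.lang.Object"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#EEEEFF" class="TableSubHeadingColor">
<th align="left"><b>Methods inherited from class java.lang.Object</b></th>
</tr>
<tr bgcolor="white" class="TableRowColor">
<td><code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></td>
</tr>
</table>

<!-- ============ FIELD DETAIL =========== -->

<a name="field_detail"><!-- --></a>
<table border="1" width="100%" cellpadding="3" cellspacing="0" summary="">
<tr bgcolor="#CCCCFF" class="TableHeadingColor">
<th align="left" colspan="1"><font size="+2">
<b>Field Detail</b></font></th>
</tr>
</table>

<a name="FORMATTING"><!-- --></a><h3>
FORMATTING</h3>
<pre>
public static final <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.58"><b>FORMATTING</b></a></pre>
<dl>
<dd>Allows common formatting elements including <code>&lt;b&gt;</code>, <code>&lt;i&gt;</code>, etc.</dd>
</dl>
<hr>

<a name="BLOCKS"><!-- --></a><h3>
BLOCKS</h3>
<pre>
public static final <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.65"><b>BLOCKS</b></a></pre>
<dl>
<dd>Allows common block elements including <code>&lt;p&gt;</code>,
<code>&lt;h1&gt;</code>, etc.</dd>
</dl>
<hr>

<a name="STYLES"><!-- --></a><h3>
STYLES</h3>
<pre>
public static final <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.71"><b>STYLES</b></a></pre>
<!-- NOTE(review): the permitted CSS properties are not listed on this page.
     Read them from the linked source before relying on this preset. -->
<dl>
<dd>Allows certain safe CSS properties in <code>style="..."</code> attributes.</dd>
</dl>
<hr>

<a name="LINKS"><!-- --></a><h3>
LINKS</h3>
<pre>
public static final <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.77"><b>LINKS</b></a></pre>
<dl>
<dd>Allows HTTP, HTTPS, MAILTO, and relative links.</dd>
</dl>
<hr>

<a name="IMAGES"><!-- --></a><h3>
IMAGES</h3>
<pre>
public static final <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../src-html/org/owasp/html/Sanitizers.html#line.103"><b>IMAGES</b></a></pre>
<!-- NOTE(review): HTTP and HTTPS sources mean sanitized content can make the
     viewer's browser fetch from a third-party host. Confirm that is
     acceptable where the output is rendered. -->
<dl>
<dd>Allows <code>&lt;img&gt;</code> elements from HTTP, HTTPS, and relative sources.</dd>
</dl>
<!-- ========= END OF CLASS DATA ========= -->
<hr>

<!-- ======= START OF BOTTOM NAVBAR ====== -->
<a name="navbar_bottom"><!-- --></a>
<a href="#skip-navbar_bottom" title="Skip navigation links"></a>
<table border="0" width="100%" cellpadding="1" cellspacing="0" summary="">
<tr>
<td colspan="2" bgcolor="#EEEEFF" class="NavBarCell1">
<a name="navbar_bottom_firstrow"><!-- --></a>
<table border="0" cellpadding="0" cellspacing="3" summary="">
  <tr align="center" valign="top">
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../overview-summary.html"><font class="NavBarFont1"><b>Overview</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-summary.html"><font class="NavBarFont1"><b>Package</b></font></a> </td>
  <td bgcolor="#FFFFFF" class="NavBarCell1Rev"> <font class="NavBarFont1Rev"><b>Class</b></font> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="class-use/Sanitizers.html"><font class="NavBarFont1"><b>Use</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="package-tree.html"><font class="NavBarFont1"><b>Tree</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../deprecated-list.html"><font class="NavBarFont1"><b>Deprecated</b></font></a> </td>
  <td bgcolor="#EEEEFF" class="NavBarCell1"> <a href="../../../index-files/index-1.html"><font class="NavBarFont1"><b>Index</b></font></a> </td>
  </tr>
</table>
</td>
<td align="right" valign="top" rowspan="3"><em>
<a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
</td>
</tr>

<tr>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html"><b>PREV CLASS</b></a>
  <a href="../../../org/owasp/html/TagBalancingHtmlStreamEventReceiver.html" title="class in org.owasp.html"><b>NEXT CLASS</b></a></font></td>
<td bgcolor="white" class="NavBarCell2"><font size="-2">
  <a href="../../../index.html?org/owasp/html/Sanitizers.html" target="_top"><b>FRAMES</b></a>
  <a href="Sanitizers.html" target="_top"><b>NO FRAMES</b></a>
  <script type="text/javascript">
  <!--
  if(window==top) {
    document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>');
  }
  //-->
</script>
<noscript>
  <a href="../../../allclasses-noframe.html"><b>All Classes</b></a>
</noscript>
</font></td>
</tr>
<tr>
<td valign="top" class="NavBarCell3"><font size="-2">
  SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | CONSTR | <a href="#methods_inherited_from_class_java.lang.Object">METHOD</a></font></td>
<td valign="top" class="NavBarCell3"><font size="-2">
DETAIL: <a href="#field_detail">FIELD</a> | CONSTR | METHOD</font></td>
</tr>
</table>
<a name="skip-navbar_bottom"></a>
<!-- ======== END OF BOTTOM NAVBAR ======= -->

<hr>

</body>
</html>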