1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 2<!--NewPage--> 3<HTML> 4<HEAD> 5<META http-equiv="Content-Type" content="text/html; charset=UTF-8"> 6<TITLE> 7org.owasp.html (OWASP Java HTML Sanitizer) 8</TITLE> 9 10 11<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../stylesheet.css" TITLE="Style"> 12 13<SCRIPT type="text/javascript"> 14function windowTitle() 15{ 16 if (location.href.indexOf('is-external=true') == -1) { 17 parent.document.title="org.owasp.html (OWASP Java HTML Sanitizer)"; 18 } 19} 20</SCRIPT> 21<NOSCRIPT> 22</NOSCRIPT> 23 24</HEAD> 25 26<BODY BGCOLOR="white" onload="windowTitle();"> 27<HR> 28 29 30<!-- ========= START OF TOP NAVBAR ======= --> 31<A NAME="navbar_top"><!-- --></A> 32<A HREF="#skip-navbar_top" title="Skip navigation links"></A> 33<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 34<TR> 35<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 36<A NAME="navbar_top_firstrow"><!-- --></A> 37<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 38 <TR ALIGN="center" VALIGN="top"> 39 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 40 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT> </TD> 41 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT> </TD> 42 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> 43 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 44 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 45 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 46 </TR> 47</TABLE> 48</TD> 49<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 50<a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 51</TD> 52</TR> 53 54<TR> 55<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 56 PREV PACKAGE 57 <A HREF="../../../org/owasp/html/examples/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD> 58<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 59 <A HREF="../../../index.html?org/owasp/html/package-summary.html" target="_top"><B>FRAMES</B></A> 60 <A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> 61 <SCRIPT type="text/javascript"> 62 <!-- 63 if(window==top) { 64 document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>'); 65 } 66 //--> 67</SCRIPT> 68<NOSCRIPT> 69 <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A> 70</NOSCRIPT> 71 72 73</FONT></TD> 74</TR> 75</TABLE> 76<A NAME="skip-navbar_top"></A> 77<!-- ========= END OF TOP NAVBAR ========= --> 78 79<HR> 80<FONT SIZE="-1">@ParametersAreNonnullByDefault 81</FONT><H2> 82Package org.owasp.html 83</H2> 84An efficient <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A> 85 configurable via a flexible 86 <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><CODE>HtmlPolicyBuilder</CODE></A>. 87<P> 88<B>See:</B> 89<BR> 90 <A HREF="#package_description"><B>Description</B></A> 91<P> 92 93<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 94<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 95<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 96<B>Interface Summary</B></FONT></TH> 97</TR> 98<TR BGCOLOR="white" CLASS="TableRowColor"> 99<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/AttributePolicy.html" title="interface in org.owasp.html">AttributePolicy</A></B></TD> 100<TD>A policy that can be applied to an HTML attribute to decide whether or not to 101 allow it in the output, possibly after transforming its value.</TD> 102</TR> 103<TR BGCOLOR="white" CLASS="TableRowColor"> 104<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/ElementPolicy.html" title="interface in org.owasp.html">ElementPolicy</A></B></TD> 105<TD>A policy that can be applied to an element to decide whether or not to 106 allow it in the output, possibly after transforming attributes.</TD> 107</TR> 108<TR BGCOLOR="white" CLASS="TableRowColor"> 109<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/Handler.html" title="interface in org.owasp.html">Handler<T></A></B></TD> 110<TD>Receives notification of problems.</TD> 111</TR> 112<TR BGCOLOR="white" CLASS="TableRowColor"> 113<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html">HtmlChangeListener<T></A></B></TD> 114<TD>Receives events when an HTML tag, or attribute is discarded.</TD> 115</TR> 116<TR BGCOLOR="white" CLASS="TableRowColor"> 117<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlSanitizer.Policy.html" title="interface in org.owasp.html">HtmlSanitizer.Policy</A></B></TD> 118<TD>Receives events based on the HTML stream, and applies a policy to decide 119 what HTML constructs to allow.</TD> 120</TR> 121<TR BGCOLOR="white" CLASS="TableRowColor"> 122<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></B></TD> 123<TD>A light-weight SAX-like listener for HTML.</TD> 124</TR> 125</TABLE> 126 127 128<P> 129 130<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 131<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 132<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 133<B>Class Summary</B></FONT></TH> 134</TR> 135<TR BGCOLOR="white" CLASS="TableRowColor"> 136<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/AttributePolicy.Util.html" title="class in org.owasp.html">AttributePolicy.Util</A></B></TD> 137<TD>Utilities for working with attribute policies.</TD> 138</TR> 139<TR BGCOLOR="white" CLASS="TableRowColor"> 140<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/CssSchema.html" title="class in org.owasp.html">CssSchema</A></B></TD> 141<TD>Describes the kinds of tokens a CSS property's value can safely contain.</TD> 142</TR> 143<TR BGCOLOR="white" CLASS="TableRowColor"> 144<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/ElementPolicy.Util.html" title="class in org.owasp.html">ElementPolicy.Util</A></B></TD> 145<TD>Utilities for working with element policies.</TD> 146</TR> 147<TR BGCOLOR="white" CLASS="TableRowColor"> 148<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/FilterUrlByProtocolAttributePolicy.html" title="class in org.owasp.html">FilterUrlByProtocolAttributePolicy</A></B></TD> 149<TD>An attribute policy for attributes whose values are URLs that requires that 150 the value have no protocol or have an allowed protocol.</TD> 151</TR> 152<TR BGCOLOR="white" CLASS="TableRowColor"> 153<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlChangeReporter.html" title="class in org.owasp.html">HtmlChangeReporter<T></A></B></TD> 154<TD>Sits between the HTML parser, and then policy, and the renderer so that it 155 can report dropped elements and attributes to an <A HREF="../../../org/owasp/html/HtmlChangeListener.html" title="interface in org.owasp.html"><CODE>HtmlChangeListener</CODE></A>.</TD> 156</TR> 157<TR BGCOLOR="white" CLASS="TableRowColor"> 158<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></B></TD> 159<TD>Conveniences for configuring policies for the <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A>.</TD> 160</TR> 161<TR BGCOLOR="white" CLASS="TableRowColor"> 162<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html">HtmlSanitizer</A></B></TD> 163<TD>Consumes an HTML stream, and dispatches events to a policy object which 164 decides which elements and attributes to allow.</TD> 165</TR> 166<TR BGCOLOR="white" CLASS="TableRowColor"> 167<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html">HtmlStreamRenderer</A></B></TD> 168<TD>Given a series of HTML tokens, writes valid, normalized HTML to the output.</TD> 169</TR> 170<TR BGCOLOR="white" CLASS="TableRowColor"> 171<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</A></B></TD> 172<TD>A factory that can be used to link a sanitizer to an output receiver and that 173 provides a convenient <code><A HREF="../../../org/owasp/html/PolicyFactory.html#sanitize(java.lang.String)"><CODE>sanitize</CODE></A></code> 174 method and a <code><A HREF="../../../org/owasp/html/PolicyFactory.html#and(org.owasp.html.PolicyFactory)"><CODE>and</CODE></A></code> method to compose 175 policies.</TD> 176</TR> 177<TR BGCOLOR="white" CLASS="TableRowColor"> 178<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/Sanitizers.html" title="class in org.owasp.html">Sanitizers</A></B></TD> 179<TD>Pre-packaged HTML sanitizer policies.</TD> 180</TR> 181<TR BGCOLOR="white" CLASS="TableRowColor"> 182<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/TagBalancingHtmlStreamEventReceiver.html" title="class in org.owasp.html">TagBalancingHtmlStreamEventReceiver</A></B></TD> 183<TD>Wraps an HTML stream event receiver to fill in missing close tags.</TD> 184</TR> 185</TABLE> 186 187 188<P> 189 190<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 191<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 192<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 193<B>Enum Summary</B></FONT></TH> 194</TR> 195<TR BGCOLOR="white" CLASS="TableRowColor"> 196<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/HtmlTextEscapingMode.html" title="enum in org.owasp.html">HtmlTextEscapingMode</A></B></TD> 197<TD>From section 8.1.2.6 of http://www.whatwg.org/specs/web-apps/current-work/</TD> 198</TR> 199</TABLE> 200 201 202<P> 203 204<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 205<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 206<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 207<B>Annotation Types Summary</B></FONT></TH> 208</TR> 209<TR BGCOLOR="white" CLASS="TableRowColor"> 210<TD WIDTH="15%"><B><A HREF="../../../org/owasp/html/TCB.html" title="annotation in org.owasp.html">TCB</A></B></TD> 211<TD>Indicates that a program element is in the trusted computing base -- 212 there exists a security property that could be violated if this code is not 213 correct.</TD> 214</TR> 215</TABLE> 216 217 218<P> 219<A NAME="package_description"><!-- --></A><H2> 220Package org.owasp.html Description 221</H2> 222 223<P> 224An efficient <A HREF="../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A> 225 configurable via a flexible 226 <A HREF="../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><CODE>HtmlPolicyBuilder</CODE></A>. 227<P> 228 229<P> 230<DL> 231<DT><B>Author:</B></DT> 232 <DD>Mike Samuel <mikesamuel@gmail.com></DD> 233</DL> 234<HR> 235 236 237<!-- ======= START OF BOTTOM NAVBAR ====== --> 238<A NAME="navbar_bottom"><!-- --></A> 239<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A> 240<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 241<TR> 242<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 243<A NAME="navbar_bottom_firstrow"><!-- --></A> 244<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 245 <TR ALIGN="center" VALIGN="top"> 246 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 247 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT> </TD> 248 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT> </TD> 249 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> 250 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 251 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 252 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 253 </TR> 254</TABLE> 255</TD> 256<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 257<a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 258</TD> 259</TR> 260 261<TR> 262<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 263 PREV PACKAGE 264 <A HREF="../../../org/owasp/html/examples/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD> 265<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 266 <A HREF="../../../index.html?org/owasp/html/package-summary.html" target="_top"><B>FRAMES</B></A> 267 <A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> 268 <SCRIPT type="text/javascript"> 269 <!-- 270 if(window==top) { 271 document.writeln('<A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A>'); 272 } 273 //--> 274</SCRIPT> 275<NOSCRIPT> 276 <A HREF="../../../allclasses-noframe.html"><B>All Classes</B></A> 277</NOSCRIPT> 278 279 280</FONT></TD> 281</TR> 282</TABLE> 283<A NAME="skip-navbar_bottom"></A> 284<!-- ======== END OF BOTTOM NAVBAR ======= --> 285 286<HR> 287 288</BODY> 289</HTML> 290