- allowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Returns an object that lets you associate policies with the given
attributes, and allow them globally or on specific elements.
- allowCommonBlockElements() - Method in class org.owasp.html.HtmlPolicyBuilder
-
A canned policy that allows a number of common block elements.
- allowCommonInlineFormattingElements() - Method in class org.owasp.html.HtmlPolicyBuilder
-
A canned policy that allows a number of common formatting elements.
- allowedProperties() - Method in class org.owasp.html.CssSchema
-
The set of CSS properties allowed by this schema.
- allowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Allows the named elements.
- allowElements(ElementPolicy, String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Allow the given elements with the given policy.
- allowProtocolRelativeUrls() - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
-
- allowsEscapingTextSpan(String) - Static method in enum org.owasp.html.HtmlTextEscapingMode
-
True iff the content following the given tag allows escaping text
spans: <!--…-->
that escape even things that might
be an end tag for the corresponding open tag.
- allowStandardUrlProtocols() - Method in class org.owasp.html.HtmlPolicyBuilder
-
A canned URL protocol policy that allows http
,
https
, and mailto
.
- allowStyling() - Method in class org.owasp.html.HtmlPolicyBuilder
-
Convert style="<CSS>"
to sanitized CSS which allows
color, font-size, type-face, and other styling using the default schema;
but which does not allow content to escape its clipping context.
- allowStyling(CssSchema) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Convert style="<CSS>"
to sanitized CSS which allows
color, font-size, type-face, and other styling using the given schema.
- allowTextIn(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Allows text content in the named elements.
- allowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Adds to the set of protocols that are allowed in URL attributes.
- allowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
-
Assuming the given elements are allowed, allows them to appear without
attributes.
- and(PolicyFactory) - Method in class org.owasp.html.PolicyFactory
-
Produces a factory that allows the union of the grants, and intersects
policies where they overlap on a particular granted attribute or element
name.
- apply(String, String, String) - Method in interface org.owasp.html.AttributePolicy
-
- apply(String, List<String>) - Method in interface org.owasp.html.ElementPolicy
-
- apply(String, String, String) - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
-
- apply(HtmlStreamEventReceiver) - Method in class org.owasp.html.PolicyFactory
-
Produces a sanitizer that emits tokens to out
.
- apply(HtmlStreamEventReceiver, HtmlChangeListener<CTX>, CTX) - Method in class org.owasp.html.PolicyFactory
-
Produces a sanitizer that emits tokens to out
and that notifies
any listener
of any dropped tags and attributes.
- AttributePolicy - Interface in org.owasp.html
-
A policy that can be applied to an HTML attribute to decide whether or not to
allow it in the output, possibly after transforming its value.
- AttributePolicy.Util - Class in org.owasp.html
-
Utilities for working with attribute policies.
- AttributePolicy.Util() - Constructor for class org.owasp.html.AttributePolicy.Util
-