org.owasp.html

Class HtmlSanitizer

java.lang.Object

org.owasp.html.HtmlSanitizer

public final class HtmlSanitizer
extends Object

Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	HtmlSanitizer.Policy Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow.

Constructor Summary

Constructors

Constructor and Description
HtmlSanitizer()

Method Summary

Methods

Modifier and Type	Method and Description
static void	sanitize(String html, HtmlSanitizer.Policy policy) Sanitizes the given HTML by applying the given policy to it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HtmlSanitizer

public HtmlSanitizer()

Method Detail

sanitize

public static void sanitize(@Nullable
            String html,
            HtmlSanitizer.Policy policy)

Sanitizes the given HTML by applying the given policy to it.

This method is not in the TCB.

This method has no return value since policies are assumed to render things they accept and do nothing on things they reject. Use HtmlStreamRenderer to render content to an output buffer.

Parameters:

html - A snippet of HTML to sanitize. null is treated as the empty string and will not result in a NullPointerException.

policy - The Policy that will receive events based on the tokens in HTML. Typically, this policy ends up routing the events to an HtmlStreamRenderer after filtering. HtmlPolicyBuilder provides an easy way to create policies.