FilterUrlByProtocolAttributePolicy (OWASP Java HTML Sanitizer 20160827.1 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.owasp.html.FilterUrlByProtocolAttributePolicy

All Implemented Interfaces:

AttributePolicy
```
public class FilterUrlByProtocolAttributePolicy
extends Object
implements AttributePolicy
```
An attribute policy for attributes whose values are URLs that requires that the value have no protocol or have an allowed protocol.
URLs with protocols must match the protocol set passed to the constructor. URLs without protocols but which specify an origin different from the containing page (e.g. //example.org) are only allowed if the policy allows both http and https which are normally used to serve HTML. Same-origin URLs, URLs without any protocol or authority part are always allowed.

This class assumes that URLs are either hierarchical, or are opaque, but do not look like they contain an authority portion.

Author:

Mike Samuel ([email protected])

Nested Class Summary
- Nested classes/interfaces inherited from interface org.owasp.html.AttributePolicy
  AttributePolicy.Util

Field Summary
- Fields inherited from interface org.owasp.html.AttributePolicy
  IDENTITY_ATTRIBUTE_POLICY, REJECT_ALL_ATTRIBUTE_POLICY

Constructor Summary

Constructors
Constructor and Description

FilterUrlByProtocolAttributePolicy(Iterable<? extends String> protocols)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`apply(String elementName, String attributeName, String value)`
`boolean`	`equals(Object o)`
`int`	`hashCode()`

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - FilterUrlByProtocolAttributePolicy
```
public FilterUrlByProtocolAttributePolicy(Iterable<? extends String> protocols)
```
    Parameters:
    
    protocols - lower-case protocol names without any trailing colon (":")
- Method Detail
  - apply
```
@Nullable
public String apply(String elementName,
                              String attributeName,
                              String value)
```
    Specified by:
    
    apply in interface AttributePolicy
    
    Parameters:
    
    elementName - the lower-case element name.
    
    attributeName - the lower-case attribute name.
    
    value - the attribute value without quotes and with HTML entities decoded.
    
    Returns:
    
    null to disallow the attribute or the adjusted value if allowed.
  - equals
```
public boolean equals(Object o)
```
    Overrides:
    
    equals in class Object
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class Object

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2016 OWASP. All rights reserved.