| Modifier and Type | Method and Description |
|---|---|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowCommonBlockElements()
A canned policy that allows a number of common block elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowCommonInlineFormattingElements()
A canned policy that allows a number of common formatting elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowElements(ElementPolicy policy,
String... elementNames)
Allow the given elements with the given policy.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowElements(String... elementNames)
Allows the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStandardUrlProtocols()
A canned URL protocol policy that allows
http,
https, and mailto. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStyling()
Convert
style="<CSS>" to sanitized CSS which allows
color, font-size, type-face, and other styling using the default schema;
but which does not allow content to escape its clipping context. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStyling(CssSchema whitelist)
Convert
style="<CSS>" to sanitized CSS which allows
color, font-size, type-face, and other styling using the given schema. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowTextIn(String... elementNames)
Allows text content in the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowUrlProtocols(String... protocols)
Adds to the set of protocols that are allowed in URL attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowUrlsInStyles(AttributePolicy newStyleUrlPolicy)
Allow URLs in CSS styles.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowWithoutAttributes(String... elementNames)
Assuming the given elements are allowed, allows them to appear without
attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowElements(String... elementNames)
Disallows the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowTextIn(String... elementNames)
Disallows text in elements with the given name.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowUrlProtocols(String... protocols)
Reverses a decision made by
allowUrlProtocols(java.lang.String...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowWithoutAttributes(String... elementNames)
Disallows the given elements from appearing without attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.AttributeBuilder.globally()
Allows the given attributes on any elements but filters the
attributes' values based on previous calls to
matching(...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.AttributeBuilder.onElements(String... elementNames)
Allows the named attributes on the given elements but filters the
attributes' values based on previous calls to
matching(...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.requireRelNofollowOnLinks()
Adds
rel=nofollow
to links. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.requireRelsOnLinks(String... linkValues)
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.skipRelsOnLinks(String... linkValues)
Opts out of some of the
DEFAULT_RELS_ON_TARGETTED_LINKS from being added
to links, and reverses pre |
HtmlPolicyBuilder |
HtmlPolicyBuilder.withPostprocessor(HtmlStreamEventProcessor pp)
Inserts a post-processor into the pipeline between the policy and the
output sink.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.withPreprocessor(HtmlStreamEventProcessor pp)
Inserts a pre-processor into the pipeline between the lexer and the policy.
|
Copyright © 2017 OWASP. All rights reserved.