org.owasp.html

Class HtmlPolicyBuilder.AttributeBuilder

java.lang.Object

org.owasp.html.HtmlPolicyBuilder.AttributeBuilder

Enclosing class:

HtmlPolicyBuilder

public final class HtmlPolicyBuilder.AttributeBuilder
extends Object

Builds the relationship between attributes, the values that they may have, and the elements on which they may appear.

Author:

Mike Samuel

Method Summary

Modifier and Type	Method and Description
HtmlPolicyBuilder	globally() Allows the given attributes on any elements but filters the attributes' values based on previous calls to matching(...).
HtmlPolicyBuilder.AttributeBuilder	matching(AttributePolicy attrPolicy) Filters and/or transforms the attribute values allowed by later allow* calls.
HtmlPolicyBuilder.AttributeBuilder	matching(boolean ignoreCase, Set<? extends String> allowedValues) Restrict the values allowed by later allow* calls to those supplied.
HtmlPolicyBuilder.AttributeBuilder	matching(boolean ignoreCase, String... allowedValues) Restrict the values allowed by later allow* calls to those supplied.
HtmlPolicyBuilder.AttributeBuilder	matching(Pattern pattern) Restrict the values allowed by later allow* calls to those matching the pattern.
HtmlPolicyBuilder.AttributeBuilder	matching(com.google.common.base.Predicate<? super String> filter) Restrict the values allowed by later allow* calls to those matching the given predicate.
HtmlPolicyBuilder	onElements(String... elementNames) Allows the named attributes on the given elements but filters the attributes' values based on previous calls to matching(...).

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

matching

public HtmlPolicyBuilder.AttributeBuilder matching(AttributePolicy attrPolicy)

Filters and/or transforms the attribute values allowed by later allow* calls. Multiple calls to matching are combined so that the policies receive the value in order, each seeing the value after any transformation by a previous policy.

matching

public HtmlPolicyBuilder.AttributeBuilder matching(Pattern pattern)

Restrict the values allowed by later allow* calls to those matching the pattern. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

matching

public HtmlPolicyBuilder.AttributeBuilder matching(com.google.common.base.Predicate<? super String> filter)

Restrict the values allowed by later allow* calls to those matching the given predicate. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

matching

public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase,
                                                   String... allowedValues)

Restrict the values allowed by later allow* calls to those supplied. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

matching

public HtmlPolicyBuilder.AttributeBuilder matching(boolean ignoreCase,
                                                   Set<? extends String> allowedValues)

Restrict the values allowed by later allow* calls to those supplied. Multiple calls to matching are combined to restrict to the intersection of possible matched values.

globally

public HtmlPolicyBuilder globally()

Allows the given attributes on any elements but filters the attributes' values based on previous calls to matching(...). Global attribute policies are applied after element specific policies. Be careful of using this with attributes like type which have different meanings on different attributes. Also be careful of allowing globally attributes like href which can have more far-reaching effects on tags like <base> and <link> than on <a> because in the former, they have an effect without user interaction and can change the behavior of the current page.

onElements

public HtmlPolicyBuilder onElements(String... elementNames)

Allows the named attributes on the given elements but filters the attributes' values based on previous calls to matching(...).