| Modifier and Type | Method | Description |
|---|---|---|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowCommonBlockElements() |
A canned policy that allows a number of common block elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowCommonInlineFormattingElements() |
A canned policy that allows a number of common formatting elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowElements(java.lang.String... elementNames) |
Allows the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowElements(ElementPolicy policy,
java.lang.String... elementNames) |
Allow the given elements with the given policy.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStandardUrlProtocols() |
A canned URL protocol policy that allows
http,
https, and mailto. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStyling() |
Convert
style="<CSS>" to sanitized CSS which allows
color, font-size, type-face, and other styling using the default schema;
but which does not allow content to escape its clipping context. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowStyling(CssSchema whitelist) |
Convert
style="<CSS>" to sanitized CSS which allows
color, font-size, type-face, and other styling using the given schema. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowTextIn(java.lang.String... elementNames) |
Allows text content in the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowUrlProtocols(java.lang.String... protocols) |
Adds to the set of protocols that are allowed in URL attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowUrlsInStyles(AttributePolicy newStyleUrlPolicy) |
Allow URLs in CSS styles.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.allowWithoutAttributes(java.lang.String... elementNames) |
Assuming the given elements are allowed, allows them to appear without
attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowElements(java.lang.String... elementNames) |
Disallows the named elements.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowTextIn(java.lang.String... elementNames) |
Disallows text in elements with the given name.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowUrlProtocols(java.lang.String... protocols) |
Reverses a decision made by
allowUrlProtocols(java.lang.String...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.disallowWithoutAttributes(java.lang.String... elementNames) |
Disallows the given elements from appearing without attributes.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.AttributeBuilder.globally() |
Allows the given attributes on any elements but filters the
attributes' values based on previous calls to
matching(...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.AttributeBuilder.onElements(java.lang.String... elementNames) |
Allows the named attributes on the given elements but filters the
attributes' values based on previous calls to
matching(...). |
HtmlPolicyBuilder |
HtmlPolicyBuilder.requireRelNofollowOnLinks() |
Adds
rel=nofollow
to links. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.requireRelsOnLinks(java.lang.String... linkValues) |
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.skipRelsOnLinks(java.lang.String... linkValues) |
Opts out of some of the
DEFAULT_RELS_ON_TARGETTED_LINKS from being added
to links, and reverses previous calls to requireRelsOnLinks with the given link values. |
HtmlPolicyBuilder |
HtmlPolicyBuilder.withPostprocessor(HtmlStreamEventProcessor pp) |
Inserts a post-processor into the pipeline between the policy and the
output sink.
|
HtmlPolicyBuilder |
HtmlPolicyBuilder.withPreprocessor(HtmlStreamEventProcessor pp) |
Inserts a pre-processor into the pipeline between the lexer and the policy.
|
Copyright © 2019 OWASP. All rights reserved.