Package org.owasp.html
Interface HtmlSanitizer.Policy
- All Superinterfaces: HtmlStreamEventReceiver
- Enclosing class: HtmlSanitizer
public static interface HtmlSanitizer.Policy extends HtmlStreamEventReceiver
Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow. Typically, implementations use an HtmlStreamRenderer to produce the sanitized output.
Implementations of this class are in the TCB (trusted computing base).

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | closeTag(String elementName) | Called when an HTML tag like </foo> is seen in the input. |
| void | openTag(String elementName, List<String> attrs) | Called when an HTML tag like <foo bar=baz> is seen in the input. |
| void | text(String textChunk) | Called when textual content is seen. |

Methods inherited from interface org.owasp.html.HtmlStreamEventReceiver
closeDocument, openDocument

Method Detail
openTag
void openTag(String elementName, List<String> attrs)
Called when an HTML tag like <foo bar=baz> is seen in the input.
- Specified by: openTag in interface HtmlStreamEventReceiver
- Parameters:
  elementName - a normalized (lower-case for non-namespaced names) element name.
  attrs - a list of alternating attribute name and value pairs. For efficiency, this list may be mutated by the implementation during this method call, but ownership reverts to the caller on method exit. The values are raw -- HTML entities have been decoded. Specifically, implementations are allowed to use a list iterator and remove all disallowed attributes, add necessary attributes, and then pass the list to an HtmlStreamRenderer.

closeTag
void closeTag(String elementName)
Called when an HTML tag like </foo> is seen in the input.
- Specified by: closeTag in interface HtmlStreamEventReceiver
- Parameters:
  elementName - a normalized (lower-case for non-namespaced names) element name.

text
void text(String textChunk)
Called when textual content is seen.
- Specified by: text in interface HtmlStreamEventReceiver
- Parameters:
  textChunk - raw content -- HTML entities have been decoded.
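
The attrs contract described under openTag (alternating name/value pairs, filtered in place with a list iterator, then handed to an HtmlStreamRenderer) looks like this in a hand-written policy. This is an added example, not code from the library: the class name LinkOnlyPolicy, both allowlists and the https-only href rule are assumptions, and Set.of needs Java 9 or later.

```java
import java.util.List;
import java.util.ListIterator;
import java.util.Set;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;

// Added example (not library code); the allowlists below are assumptions.
public final class LinkOnlyPolicy implements HtmlSanitizer.Policy {
  private static final Set<String> ALLOWED = Set.of("a", "b", "i", "p");
  private static final Set<String> DROP_TEXT = Set.of("script", "style");
  private final HtmlStreamRenderer out;
  private int skipDepth;  // > 0 while inside an element whose text is discarded
  LinkOnlyPolicy(HtmlStreamRenderer out) { this.out = out; }

  @Override public void openDocument() { skipDepth = 0; out.openDocument(); }
  @Override public void closeDocument() { out.closeDocument(); }
  @Override public void text(String textChunk) { if (skipDepth == 0) { out.text(textChunk); } }

  @Override public void closeTag(String elementName) {
    if (DROP_TEXT.contains(elementName) && skipDepth > 0) { skipDepth--; }
    if (ALLOWED.contains(elementName)) { out.closeTag(elementName); }
  }

  @Override public void openTag(String elementName, List<String> attrs) {
    if (DROP_TEXT.contains(elementName)) { skipDepth++; }
    if (!ALLOWED.contains(elementName)) { return; }
    // attrs is [name0, value0, name1, value1, ...]; remove rejected pairs together.
    for (ListIterator<String> it = attrs.listIterator(); it.hasNext();) {
      String name = it.next();
      String value = it.next();
      if (!attrAllowed(elementName, name, value)) {
        it.remove();    // drops the value just returned
        it.previous();  // steps back over the name
        it.remove();    // drops the name
      }
    }
    out.openTag(elementName, attrs);
  }

  // Values arrive entity-decoded, so the scheme check runs on the real URL text.
  private static boolean attrAllowed(String element, String name, String value) {
    return "a".equals(element) && "href".equalsIgnoreCase(name)
        && value.regionMatches(true, 0, "https://", 0, 8);
  }
  public static void main(String[] args) {
    String html = "<p onclick=\"x()\">Hi <a href=\"https://example.com/\" id=\"l\">link</a></p>";  // constructed input
    StringBuilder sb = new StringBuilder();
    HtmlSanitizer.sanitize(html, new LinkOnlyPolicy(HtmlStreamRenderer.create(sb, bad -> { })));
    System.out.println(sb);
  }
}
```

Because the policy decides on element names alone, closeTag can apply the same allowlist without tracking which open tags were emitted; a policy whose decision depends on attributes would need a stack to keep open and close events paired.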