org.jsoup.safety
Class Cleaner
java.lang.Object
org.jsoup.safety.Cleaner
public class Cleaner
- extends Object
The whitelist-based HTML cleaner. Use it to ensure that end-user provided HTML contains only the elements and attributes
that you are expecting; no junk, and no cross-site scripting attacks!
The HTML cleaner parses the input as HTML and then runs it through a white-list, so the output HTML can only contain
HTML that is allowed by the whitelist.
It is assumed that the input HTML is a body fragment; the clean methods only pull from the source's body, and the
canned white-lists only allow body-contained tags.
Rather than interacting directly with a Cleaner object, generally see the clean methods in Jsoup.
Constructor Summary
Cleaner(Whitelist whitelist)
Create a new cleaner, that sanitizes documents using the supplied whitelist.
Method Summary
Document clean(Document dirtyDocument)
Creates a new, clean document, from the original dirty document, containing only elements allowed by the whitelist.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Cleaner
public Cleaner(Whitelist whitelist)
- Create a new cleaner, that sanitizes documents using the supplied whitelist.
- Parameters:
whitelist - white-list to clean with
clean
public Document clean(Document dirtyDocument)
- Creates a new, clean document, from the original dirty document, containing only elements allowed by the whitelist.
The original document is not modified. Only elements from the dirty document's body are used.
- Parameters:
dirtyDocument - Untrusted base document to clean.
- Returns:
- cleaned document.
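Using the constructor and clean method together, as an added example that is not part of the original Javadoc or the jsoup project's own code. It assumes a jsoup release that ships the Whitelist class documented here; Jsoup.parseBodyFragment and Whitelist.basic() are jsoup calls not listed on this page, and the input string is constructed for illustration.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Cleaner;
import org.jsoup.safety.Whitelist;

public class CleanerExample {
    // Constructed sample of end-user HTML: an event-handler attribute, a script
    // element, a javascript: link and one ordinary http link.
    static final String UNTRUSTED =
          "<p onclick=\"track()\">Hello <b>world</b></p>"
        + "<script>alert(1)</script>"
        + "<a href=\"javascript:alert(2)\">bad link</a> "
        + "<a href=\"http://example.com/\">good link</a>";

    public static void main(String[] args) {
        // The cleaner only reads the body, so parse the input as a body fragment.
        Document dirty = Jsoup.parseBodyFragment(UNTRUSTED);

        // Whitelist.basic() is one of the canned white-lists (text formatting and links).
        Cleaner cleaner = new Cleaner(Whitelist.basic());
        Document clean = cleaner.clean(dirty);
        String safeHtml = clean.body().html();

        System.out.println("cleaned:  " + safeHtml);
        // clean() builds a new document; the dirty one still holds the original markup.
        System.out.println("original: " + dirty.body().html());

        // Fail closed if anything the whitelist should have dropped is still present.
        if (!clean.select("script, [onclick]").isEmpty()
                || safeHtml.contains("javascript:")) {
            throw new IllegalStateException("whitelist did not remove active content");
        }
        // Serialize only the cleaned body into the page, never the dirty document.
    }
}
```

Because the dirty Document is left untouched, keep it out of any rendering path and pass only the cleaned body onward.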
Copyright © 2009-2010 Jonathan Hedley. All Rights Reserved.