Index (OWASP Java HTML Sanitizer r88 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV NEXT

FRAMES NO FRAMES

A B C D E F G H I J L M O P R S T

A

allowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Returns an object that lets you associate policies with the given attributes, and allow them globally or on specific elements.
allowCommonBlockElements() - Method in class org.owasp.html.HtmlPolicyBuilder: A canned policy that allows a number of common block elements.
allowCommonInlineFormattingElements() - Method in class org.owasp.html.HtmlPolicyBuilder: A canned policy that allows a number of common formatting elements.
allowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Allows the named elements.
allowElements(ElementPolicy, String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Allow the given elements with the given policy.
allowProtocolRelativeUrls() - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
allowStandardUrlProtocols() - Method in class org.owasp.html.HtmlPolicyBuilder: A canned URL protocol policy that allows http, https, and mailto.
allowStyling() - Method in class org.owasp.html.HtmlPolicyBuilder: Convert style="<CSS>" to simple non-JS containing <font> tags to allow color, font-size, typeface, and other styling.
allowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Adds to the set of protocols that are allowed in URL attributes.
allowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Assuming the given elements are allowed, allows them to appear without attributes.
and(PolicyFactory) - Method in class org.owasp.html.PolicyFactory: Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
apply(String, String, String) - Method in interface org.owasp.html.AttributePolicy
apply(String, List<String>) - Method in interface org.owasp.html.ElementPolicy
apply(String, String, String) - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
apply(HtmlStreamEventReceiver) - Method in class org.owasp.html.PolicyFactory: Produces a sanitizer that emits tokens to out.
AttributePolicy - Interface in org.owasp.html: A policy that can be applied to an HTML attribute to decide whether or not to allow it in the output, possibly after transforming its value.
AttributePolicy.Util - Class in org.owasp.html: Utilities for working with attribute policies.
AttributePolicy.Util() - Constructor for class org.owasp.html.AttributePolicy.Util

B

BLOCKS - Static variable in class org.owasp.html.Sanitizers: Allows common block elements including <p>, <h1>, etc.
build(HtmlStreamEventReceiver) - Method in class org.owasp.html.HtmlPolicyBuilder: Produces a policy based on the allow and disallow calls previously made.

C

closeDocument() - Method in interface org.owasp.html.HtmlStreamEventReceiver
closeDocument() - Method in class org.owasp.html.HtmlStreamRenderer
closeDocument() - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
closeTag(String) - Method in interface org.owasp.html.HtmlSanitizer.Policy: Called when an HTML tag like </foo> is seen in the input.
closeTag(String) - Method in interface org.owasp.html.HtmlStreamEventReceiver
closeTag(String) - Method in class org.owasp.html.HtmlStreamRenderer
closeTag(String) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
create(Appendable, Handler<? super IOException>, Handler<? super String>) - Static method in class org.owasp.html.HtmlStreamRenderer: Factory.
create(StringBuilder, Handler<? super String>) - Static method in class org.owasp.html.HtmlStreamRenderer: Factory.

D

DEFAULT_SKIP_IF_EMPTY - Static variable in class org.owasp.html.HtmlPolicyBuilder: The default set of elements that are removed if they have no attributes.
disallowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Reverse an earlier attribute allow.
disallowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Disallows the named elements.
disallowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Reverses a decision made by HtmlPolicyBuilder.allowUrlProtocols(java.lang.String...).
disallowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder: Disallows the given elements from appearing without attributes.
DO_NOTHING - Static variable in interface org.owasp.html.Handler: A handler that does nothing given any input.

E

EbayPolicyExample - Class in org.owasp.html.examples: Based on the AntiSamy EBay example.
EbayPolicyExample() - Constructor for class org.owasp.html.examples.EbayPolicyExample
ElementPolicy - Interface in org.owasp.html: A policy that can be applied to an element to decide whether or not to allow it in the output, possibly after transforming attributes.
ElementPolicy.Util - Class in org.owasp.html: Utilities for working with element policies.

F

FilterUrlByProtocolAttributePolicy - Class in org.owasp.html: An attribute policy for attributes whose values are URLs that requires that the value have no protocol or have an allowed protocol.
FilterUrlByProtocolAttributePolicy(Iterable<? extends String>) - Constructor for class org.owasp.html.FilterUrlByProtocolAttributePolicy
FORMATTING - Static variable in class org.owasp.html.Sanitizers: Allows common formatting elements including <b>, <i>, etc.

G

globally() - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Allows the given attributes on any elements but filters the attributes' values based on previous calls to matching(...).

H

handle(T) - Method in interface org.owasp.html.Handler
Handler<T> - Interface in org.owasp.html: Receives notification of problems.
HtmlPolicyBuilder - Class in org.owasp.html: Conveniences for configuring policies for the HtmlSanitizer.
HtmlPolicyBuilder() - Constructor for class org.owasp.html.HtmlPolicyBuilder
HtmlPolicyBuilder.AttributeBuilder - Class in org.owasp.html: Builds the relationship between attributes, the values that they may have, and the elements on which they may appear.
HtmlSanitizer - Class in org.owasp.html: Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.
HtmlSanitizer() - Constructor for class org.owasp.html.HtmlSanitizer
HtmlSanitizer.Policy - Interface in org.owasp.html: Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow.
HtmlStreamEventReceiver - Interface in org.owasp.html: A light-weight SAX-like listener for HTML.
HtmlStreamRenderer - Class in org.owasp.html: Given a series of HTML tokens, writes valid, normalized HTML to the output.

I

IDENTITY_ATTRIBUTE_POLICY - Static variable in interface org.owasp.html.AttributePolicy
IDENTITY_ELEMENT_POLICY - Static variable in interface org.owasp.html.ElementPolicy
IMAGES - Static variable in class org.owasp.html.Sanitizers: Allows <img> elements from HTTP, HTTPS, and relative sources.
isDocumentOpen() - Method in class org.owasp.html.HtmlStreamRenderer

J

join(AttributePolicy...) - Static method in class org.owasp.html.AttributePolicy.Util: An attribute policy equivalent to applying all the given policies in order, failing early if any of them fails.
join(ElementPolicy...) - Static method in class org.owasp.html.ElementPolicy.Util: Given zero or more element policies, returns an element policy equivalent to applying them in order failing early if any of them fails.

L

LINKS - Static variable in class org.owasp.html.Sanitizers: Allows HTTP, HTTPS, MAILTO, and relative links.

M

main(String[]) - Static method in class org.owasp.html.examples.EbayPolicyExample
main(String[]) - Static method in class org.owasp.html.examples.SlashdotPolicyExample
matching(AttributePolicy) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Filters and/or transforms the attribute values allowed by later allow* calls.
matching(Pattern) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Restrict the values allowed by later allow* calls to those matching the pattern.
matching(Predicate<? super String>) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Restrict the values allowed by later allow* calls to those matching the given predicate.
matching(boolean, String...) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Restrict the values allowed by later allow* calls to those supplied.
matching(boolean, Set<? extends String>) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Restrict the values allowed by later allow* calls to those supplied.

O

onElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder: Allows the named attributes on the given elements but filters the attributes' values based on previous calls to matching(...).
openDocument() - Method in interface org.owasp.html.HtmlStreamEventReceiver
openDocument() - Method in class org.owasp.html.HtmlStreamRenderer
openDocument() - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
openTag(String, List<String>) - Method in interface org.owasp.html.HtmlSanitizer.Policy: Called when an HTML tag like <foo bar=baz> is seen in the input.
openTag(String, List<String>) - Method in interface org.owasp.html.HtmlStreamEventReceiver
openTag(String, List<String>) - Method in class org.owasp.html.HtmlStreamRenderer
openTag(String, List<String>) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
org.owasp.html - package org.owasp.html: An efficient HtmlSanitizer configurable via a flexible HtmlPolicyBuilder.
org.owasp.html.examples - package org.owasp.html.examples

P

POLICY_DEFINITION - Static variable in class org.owasp.html.examples.EbayPolicyExample
POLICY_DEFINITION - Static variable in class org.owasp.html.examples.SlashdotPolicyExample: A policy definition that matches the minimal HTML that Slashdot allows.
PolicyFactory - Class in org.owasp.html: A factory that can be used to link a sanitizer to an output receiver and that provides a convenient sanitize method and a and method to compose policies.
PROPAGATE - Static variable in interface org.owasp.html.Handler: A handler that re-raises an error, wrapping it in a runtime exception if necessary.

R

REJECT_ALL_ATTRIBUTE_POLICY - Static variable in interface org.owasp.html.AttributePolicy
REJECT_ALL_ELEMENT_POLICY - Static variable in interface org.owasp.html.ElementPolicy
requireRelNofollowOnLinks() - Method in class org.owasp.html.HtmlPolicyBuilder: Adds rel=nofollow to links.

S

sanitize(String, HtmlSanitizer.Policy) - Static method in class org.owasp.html.HtmlSanitizer: Sanitizes the given HTML by applying the given policy to it.
sanitize(String) - Method in class org.owasp.html.PolicyFactory: A convenience function that sanitizes a string of HTML.
Sanitizers - Class in org.owasp.html: Pre-packaged HTML sanitizer policies.
setNestingLimit(int) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
SlashdotPolicyExample - Class in org.owasp.html.examples: Based on the AntiSamy Slashdot example.
SlashdotPolicyExample() - Constructor for class org.owasp.html.examples.SlashdotPolicyExample
STYLES - Static variable in class org.owasp.html.Sanitizers: Allows certain safe CSS properties in style="..." attributes.

T

TagBalancingHtmlStreamEventReceiver - Class in org.owasp.html: Wraps an HTML stream event receiver to fill in missing close tags.
TagBalancingHtmlStreamEventReceiver(HtmlStreamEventReceiver) - Constructor for class org.owasp.html.TagBalancingHtmlStreamEventReceiver
TCB - Annotation Type in org.owasp.html: Indicates that a program element is in the trusted computing base -- there exists a security property that could be violated if this code is not correct.
text(String) - Method in interface org.owasp.html.HtmlSanitizer.Policy: Called when textual content is seen.
text(String) - Method in interface org.owasp.html.HtmlStreamEventReceiver
text(String) - Method in class org.owasp.html.HtmlStreamRenderer
text(String) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
toFactory() - Method in class org.owasp.html.HtmlPolicyBuilder: Like HtmlPolicyBuilder.build(org.owasp.html.HtmlStreamEventReceiver) but can be reused to create many different policies each backed by a different output channel.

A B C D E F G H I J L M O P R S T

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV NEXT

FRAMES NO FRAMES