A B C D E F G H I J L M O P R S T U 

A

allowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Returns an object that lets you associate policies with the given attributes, and allow them globally or on specific elements.
allowCommonBlockElements() - Method in class org.owasp.html.HtmlPolicyBuilder
A canned policy that allows a number of common block elements.
allowCommonInlineFormattingElements() - Method in class org.owasp.html.HtmlPolicyBuilder
A canned policy that allows a number of common formatting elements.
allowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Allows the named elements.
allowElements(ElementPolicy, String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Allow the given elements with the given policy.
allowProtocolRelativeUrls() - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
 
allowStandardUrlProtocols() - Method in class org.owasp.html.HtmlPolicyBuilder
A canned URL protocol policy that allows http, https, and mailto.
allowStyling() - Method in class org.owasp.html.HtmlPolicyBuilder
Convert style="<CSS>" to simple non-JS containing <font> tags to allow color, font-size, typeface, and other styling.
allowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Adds to the set of protocols that are allowed in URL attributes.
allowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Assuming the given elements are allowed, allows them to appear without attributes.
and(PolicyFactory) - Method in class org.owasp.html.PolicyFactory
Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
apply(String, String, String) - Method in interface org.owasp.html.AttributePolicy
 
apply(String, List<String>) - Method in interface org.owasp.html.ElementPolicy
 
apply(String, String, String) - Method in class org.owasp.html.FilterUrlByProtocolAttributePolicy
 
apply(HtmlStreamEventReceiver) - Method in class org.owasp.html.PolicyFactory
Produces a sanitizer that emits tokens to out.
AttributePolicy - Interface in org.owasp.html
A policy that can be applied to an HTML attribute to decide whether or not to allow it in the output, possibly after transforming its value.
AttributePolicy.Util - Class in org.owasp.html
Utilities for working with attribute policies.

B

BLOCKS - Static variable in class org.owasp.html.Sanitizers
Allows common block elements including <p>, <h1>, etc.
build(HtmlStreamEventReceiver) - Method in class org.owasp.html.HtmlPolicyBuilder
Produces a policy based on the allow and disallow calls previously made.

C

closeDocument() - Method in interface org.owasp.html.HtmlStreamEventReceiver
 
closeDocument() - Method in class org.owasp.html.HtmlStreamRenderer
 
closeDocument() - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
closeTag(String) - Method in interface org.owasp.html.HtmlSanitizer.Policy
Called when an HTML tag like </foo> is seen in the input.
closeTag(String) - Method in interface org.owasp.html.HtmlStreamEventReceiver
 
closeTag(String) - Method in class org.owasp.html.HtmlStreamRenderer
 
closeTag(String) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
create(Appendable, Handler<? super IOException>, Handler<? super String>) - Static method in class org.owasp.html.HtmlStreamRenderer
Factory.
create(StringBuilder, Handler<? super String>) - Static method in class org.owasp.html.HtmlStreamRenderer
Factory.

D

DEFAULT_SKIP_IF_EMPTY - Static variable in class org.owasp.html.HtmlPolicyBuilder
The default set of elements that are removed if they have no attributes.
disallowAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Reverse an earlier attribute allow.
disallowElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Disallows the named elements.
disallowUrlProtocols(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
disallowWithoutAttributes(String...) - Method in class org.owasp.html.HtmlPolicyBuilder
Disallows the given elements from appearing without attributes.
DO_NOTHING - Static variable in interface org.owasp.html.Handler
A handler that does nothing given any input.

E

EbayPolicyExample - Class in org.owasp.html.examples
Based on the AntiSamy EBay example.
EbayPolicyExample() - Constructor for class org.owasp.html.examples.EbayPolicyExample
 
ElementPolicy - Interface in org.owasp.html
A policy that can be applied to an element to decide whether or not to allow it in the output, possibly after transforming attributes.
ElementPolicy.Util - Class in org.owasp.html
Utilities for working with element policies.

F

FilterUrlByProtocolAttributePolicy - Class in org.owasp.html
An attribute policy for attributes whose values are URLs that requires that the value have no protocol or have an allowed protocol.
FilterUrlByProtocolAttributePolicy(Iterable<? extends String>) - Constructor for class org.owasp.html.FilterUrlByProtocolAttributePolicy
 
FORMATTING - Static variable in class org.owasp.html.Sanitizers
Allows common formatting elements including <b>, <i>, etc.

G

globally() - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Allows the given attributes on any elements but filters the attributes' values based on previous calls to matching(...).

H

handle(T) - Method in interface org.owasp.html.Handler
 
Handler<T> - Interface in org.owasp.html
Receives notification of problems.
HtmlPolicyBuilder - Class in org.owasp.html
Conveniences for configuring policies for the HtmlSanitizer.
HtmlPolicyBuilder() - Constructor for class org.owasp.html.HtmlPolicyBuilder
 
HtmlPolicyBuilder.AttributeBuilder - Class in org.owasp.html
Builds the relationship between attributes, the values that they may have, and the elements on which they may appear.
HtmlSanitizer - Class in org.owasp.html
Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.
HtmlSanitizer() - Constructor for class org.owasp.html.HtmlSanitizer
 
HtmlSanitizer.Policy - Interface in org.owasp.html
Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow.
HtmlStreamEventReceiver - Interface in org.owasp.html
A light-weight SAX-like listener for HTML.
HtmlStreamRenderer - Class in org.owasp.html
Given a series of HTML tokens, writes valid, normalized HTML to the output.

I

IDENTITY_ATTRIBUTE_POLICY - Static variable in interface org.owasp.html.AttributePolicy
 
IDENTITY_ELEMENT_POLICY - Static variable in interface org.owasp.html.ElementPolicy
 
IMAGES - Static variable in class org.owasp.html.Sanitizers
Allows <img> elements from HTTP, HTTPS, and relative sources.
isDocumentOpen() - Method in class org.owasp.html.HtmlStreamRenderer
 

J

join(AttributePolicy...) - Static method in class org.owasp.html.AttributePolicy.Util
An attribute policy equivalent to applying all the given policies in order, failing early if any of them fails.
join(ElementPolicy...) - Static method in class org.owasp.html.ElementPolicy.Util
Given zero or more element policies, returns an element policy equivalent to applying them in order, failing early if any of them fails.

L

LINKS - Static variable in class org.owasp.html.Sanitizers
Allows HTTP, HTTPS, MAILTO, and relative links.

M

main(String[]) - Static method in class org.owasp.html.examples.EbayPolicyExample
 
main(String[]) - Static method in class org.owasp.html.examples.SlashdotPolicyExample
 
matching(AttributePolicy) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Filters and/or transforms the attribute values allowed by later allow* calls.
matching(Pattern) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Restrict the values allowed by later allow* calls to those matching the pattern.
matching(Predicate<? super String>) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Restrict the values allowed by later allow* calls to those matching the given predicate.
matching(boolean, String...) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Restrict the values allowed by later allow* calls to those supplied.
matching(boolean, Set<? extends String>) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Restrict the values allowed by later allow* calls to those supplied.

O

onElements(String...) - Method in class org.owasp.html.HtmlPolicyBuilder.AttributeBuilder
Allows the named attributes on the given elements but filters the attributes' values based on previous calls to matching(...).
openDocument() - Method in interface org.owasp.html.HtmlStreamEventReceiver
 
openDocument() - Method in class org.owasp.html.HtmlStreamRenderer
 
openDocument() - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
openTag(String, List<String>) - Method in interface org.owasp.html.HtmlSanitizer.Policy
Called when an HTML tag like <foo bar=baz> is seen in the input.
openTag(String, List<String>) - Method in interface org.owasp.html.HtmlStreamEventReceiver
 
openTag(String, List<String>) - Method in class org.owasp.html.HtmlStreamRenderer
 
openTag(String, List<String>) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
org.owasp.html - package org.owasp.html
An efficient HtmlSanitizer configurable via a flexible HtmlPolicyBuilder.
org.owasp.html.examples - package org.owasp.html.examples
 

P

POLICY_DEFINITION - Static variable in class org.owasp.html.examples.EbayPolicyExample
 
POLICY_DEFINITION - Static variable in class org.owasp.html.examples.SlashdotPolicyExample
A policy definition that matches the minimal HTML that Slashdot allows.
PolicyFactory - Class in org.owasp.html
A factory that can be used to link a sanitizer to an output receiver and that provides a convenient sanitize(String) method and an and(PolicyFactory) method to compose policies.
PROPAGATE - Static variable in interface org.owasp.html.Handler
A handler that re-raises an error, wrapping it in a runtime exception if necessary.

R

REJECT_ALL_ATTRIBUTE_POLICY - Static variable in interface org.owasp.html.AttributePolicy
 
REJECT_ALL_ELEMENT_POLICY - Static variable in interface org.owasp.html.ElementPolicy
 
requireRelNofollowOnLinks() - Method in class org.owasp.html.HtmlPolicyBuilder
Adds rel=nofollow to links.

S

sanitize(String, HtmlSanitizer.Policy) - Static method in class org.owasp.html.HtmlSanitizer
Sanitizes the given HTML by applying the given policy to it.
sanitize(String) - Method in class org.owasp.html.PolicyFactory
A convenience function that sanitizes a string of HTML.
Sanitizers - Class in org.owasp.html
Pre-packaged HTML sanitizer policies.
setNestingLimit(int) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
SlashdotPolicyExample - Class in org.owasp.html.examples
SlashdotPolicyExample() - Constructor for class org.owasp.html.examples.SlashdotPolicyExample
 
STYLES - Static variable in class org.owasp.html.Sanitizers
Allows certain safe CSS properties in style="..." attributes.

T

TagBalancingHtmlStreamEventReceiver - Class in org.owasp.html
Wraps an HTML stream event receiver to fill in missing close tags.
TagBalancingHtmlStreamEventReceiver(HtmlStreamEventReceiver) - Constructor for class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
TCB - Annotation Type in org.owasp.html
Indicates that a program element is in the trusted computing base -- there exists a security property that could be violated if this code is not correct.
text(String) - Method in interface org.owasp.html.HtmlSanitizer.Policy
Called when textual content is seen.
text(String) - Method in interface org.owasp.html.HtmlStreamEventReceiver
 
text(String) - Method in class org.owasp.html.HtmlStreamRenderer
 
text(String) - Method in class org.owasp.html.TagBalancingHtmlStreamEventReceiver
 
toFactory() - Method in class org.owasp.html.HtmlPolicyBuilder
Like HtmlPolicyBuilder.build(org.owasp.html.HtmlStreamEventReceiver) but can be reused to create many different policies each backed by a different output channel.

U

Util() - Constructor for class org.owasp.html.AttributePolicy.Util
 

Copyright © 2016 OWASP. All rights reserved.