HtmlSanitizer.Policy.html revision e715af4df4fe6f57bb0386f627e6e3aeb3d21228
1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2<!--NewPage-->
3<HTML>
4<HEAD>
5<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
6<TITLE>
7HtmlSanitizer.Policy (OWASP Java HTML Sanitizer)
8</TITLE>
9
10
11<LINK REL ="stylesheet" TYPE="text/css" HREF="/stylesheet.css" TITLE="Style">
12
13<SCRIPT type="text/javascript">
14function windowTitle()
15{
16    if (location.href.indexOf('is-external=true') == -1) {
17        parent.document.title="HtmlSanitizer.Policy (OWASP Java HTML Sanitizer)";
18    }
19}
20</SCRIPT>
21<NOSCRIPT>
22</NOSCRIPT>
23
24</HEAD>
25
26<BODY BGCOLOR="white" onload="windowTitle();">
27<HR>
28
29
84
85<HR>
86<!-- ======== START OF CLASS DATA ======== -->
87<H2>
88<FONT SIZE="-1">
89org.owasp.html</FONT>
90<BR>
91Interface HtmlSanitizer.Policy</H2>
92<DL>
93<DT><B>All Superinterfaces:</B> <DD><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></DD>
94</DL>
95<DL>
96<DT><B>Enclosing class:</B><DD><A HREF="/org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html">HtmlSanitizer</A></DD>
97</DL>
98<HR>
99<DL>
100<DT><PRE>public static interface <A HREF="/src-html/org/owasp/html/HtmlSanitizer.html#line.53"><B>HtmlSanitizer.Policy</B></A><DT>extends <A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></DL>
101</PRE>
102
103<P>
104Receives events based on the HTML stream, and applies a policy to decide
105 what HTML constructs to allow.
106 Typically, implementations use an <A HREF="/org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><CODE>HtmlStreamRenderer</CODE></A> to produce
107 the sanitized output.
108
109 <p>
110 <b>Implementations of this interface are in the TCB (trusted computing base), so the safety of the sanitized output depends on their correctness.</b></p>
111<P>
112
113<P>
114<HR>
115
116<P>
117
118<!-- ========== METHOD SUMMARY =========== -->
119
120<A NAME="method_summary"><!-- --></A>
121<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
122<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
123<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
124<B>Method Summary</B></FONT></TH>
125</TR>
126<TR BGCOLOR="white" CLASS="TableRowColor">
127<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
128<CODE>&nbsp;void</CODE></FONT></TD>
129<TD><CODE><B><A HREF="/org/owasp/html/HtmlSanitizer.Policy.html#closeTag(java.lang.String)">closeTag</A></B>(java.lang.String&nbsp;elementName)</CODE>
130
131<BR>
132&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when an HTML tag like <code>&lt;/foo&gt;</code> is seen in the input.</TD>
133</TR>
134<TR BGCOLOR="white" CLASS="TableRowColor">
135<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
136<CODE>&nbsp;void</CODE></FONT></TD>
137<TD><CODE><B><A HREF="/org/owasp/html/HtmlSanitizer.Policy.html#openTag(java.lang.String, java.util.List)">openTag</A></B>(java.lang.String&nbsp;elementName,
138               java.util.List&lt;java.lang.String&gt;&nbsp;attrs)</CODE>
139
140<BR>
141&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when an HTML tag like <code>&lt;foo bar=baz&gt;</code> is seen in the input.</TD>
142</TR>
143<TR BGCOLOR="white" CLASS="TableRowColor">
144<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
145<CODE>&nbsp;void</CODE></FONT></TD>
146<TD><CODE><B><A HREF="/org/owasp/html/HtmlSanitizer.Policy.html#text(java.lang.String)">text</A></B>(java.lang.String&nbsp;textChunk)</CODE>
147
148<BR>
149&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called when textual content is seen.</TD>
150</TR>
151</TABLE>
152&nbsp;<A NAME="methods_inherited_from_class_org.owasp.html.HtmlStreamEventReceiver"><!-- --></A>
153<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
154<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
155<TH ALIGN="left"><B>Methods inherited from interface org.owasp.html.<A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></B></TH>
156</TR>
157<TR BGCOLOR="white" CLASS="TableRowColor">
158<TD><CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html#closeDocument()">closeDocument</A>, <A HREF="/org/owasp/html/HtmlStreamEventReceiver.html#openDocument()">openDocument</A></CODE></TD>
159</TR>
160</TABLE>
161&nbsp;
162<P>
163
164<!-- ============ METHOD DETAIL ========== -->
165
166<A NAME="method_detail"><!-- --></A>
167<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
168<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
169<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
170<B>Method Detail</B></FONT></TH>
171</TR>
172</TABLE>
173
174<A NAME="openTag(java.lang.String, java.util.List)"><!-- --></A><H3>
175openTag</H3>
176<PRE>
177void <A HREF="/src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.67"><B>openTag</B></A>(java.lang.String&nbsp;elementName,
178             java.util.List&lt;java.lang.String&gt;&nbsp;attrs)</PRE>
179<DL>
180<DD>Called when an HTML tag like <code>&lt;foo bar=baz&gt;</code> is seen in the input.
181<P>
182<DD><DL>
183<DT><B>Specified by:</B><DD><CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html#openTag(java.lang.String, java.util.List)">openTag</A></CODE> in interface <CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
184</DD>
185<DD><DL>
186<DT><B>Parameters:</B><DD><CODE>elementName</CODE> - a normalized (lower-case for non-namespaced names)
187     element name.<DD><CODE>attrs</CODE> - a list of alternating attribute names and values.
188     For efficiency, the implementation may mutate this list during the
189     method call, but ownership reverts to the caller on method exit.
190     The values are raw, i.e. plain text rather than HTML: entities have already been decoded.
191     Specifically, implementations are allowed to use a list iterator
192     and remove all disallowed attributes, add necessary attributes, and
193     then pass the list to an <A HREF="/org/owasp/html/HtmlStreamRenderer.html" title="class in org.owasp.html"><CODE>HtmlStreamRenderer</CODE></A>.</DL>
194</DD>
195</DL>
196<HR>
197
198<A NAME="closeTag(java.lang.String)"><!-- --></A><H3>
199closeTag</H3>
200<PRE>
201void <A HREF="/src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.75"><B>closeTag</B></A>(java.lang.String&nbsp;elementName)</PRE>
202<DL>
203<DD>Called when an HTML tag like <code>&lt;/foo&gt;</code> is seen in the input.
204<P>
205<DD><DL>
206<DT><B>Specified by:</B><DD><CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html#closeTag(java.lang.String)">closeTag</A></CODE> in interface <CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
207</DD>
208<DD><DL>
209<DT><B>Parameters:</B><DD><CODE>elementName</CODE> - a normalized (lower-case for non-namespaced names)
210     element name.</DL>
211</DD>
212</DL>
213<HR>
214
215<A NAME="text(java.lang.String)"><!-- --></A><H3>
216text</H3>
217<PRE>
218void <A HREF="/src-html/org/owasp/html/HtmlSanitizer.Policy.html#line.81"><B>text</B></A>(java.lang.String&nbsp;textChunk)</PRE>
219<DL>
220<DD>Called when textual content is seen.
221<P>
222<DD><DL>
223<DT><B>Specified by:</B><DD><CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html#text(java.lang.String)">text</A></CODE> in interface <CODE><A HREF="/org/owasp/html/HtmlStreamEventReceiver.html" title="interface in org.owasp.html">HtmlStreamEventReceiver</A></CODE></DL>
224</DD>
225<DD><DL>
226<DT><B>Parameters:</B><DD><CODE>textChunk</CODE> - raw text content, i.e. plain text rather than HTML: entities have already been decoded.</DL>
227</DD>
228</DL>
229<!-- ========= END OF CLASS DATA ========= -->
230<HR>
231
232
287
288<HR>
289
290</BODY>
291</HTML>
292