1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 2<!--NewPage--> 3<HTML> 4<HEAD> 5<META http-equiv="Content-Type" content="text/html; charset=UTF-8"> 6<TITLE> 7Uses of Class org.owasp.html.HtmlPolicyBuilder (OWASP Java HTML Sanitizer) 8</TITLE> 9 10 11<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style"> 12 13<SCRIPT type="text/javascript"> 14function windowTitle() 15{ 16 if (location.href.indexOf('is-external=true') == -1) { 17 parent.document.title="Uses of Class org.owasp.html.HtmlPolicyBuilder (OWASP Java HTML Sanitizer)"; 18 } 19} 20</SCRIPT> 21<NOSCRIPT> 22</NOSCRIPT> 23 24</HEAD> 25 26<BODY BGCOLOR="white" onload="windowTitle();"> 27<HR> 28 29 30<!-- ========= START OF TOP NAVBAR ======= --> 31<A NAME="navbar_top"><!-- --></A> 32<A HREF="#skip-navbar_top" title="Skip navigation links"></A> 33<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 34<TR> 35<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 36<A NAME="navbar_top_firstrow"><!-- --></A> 37<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 38 <TR ALIGN="center" VALIGN="top"> 39 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 40 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> 41 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A> </TD> 42 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT> </TD> 43 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 44 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 45 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 46 </TR> 47</TABLE> 48</TD> 49<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 50<a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 51</TD> 52</TR> 53 54<TR> 55<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 56 PREV 57 NEXT</FONT></TD> 58<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 59 <A HREF="../../../../index.html?org/owasp/html//class-useHtmlPolicyBuilder.html" target="_top"><B>FRAMES</B></A> 60 <A HREF="HtmlPolicyBuilder.html" target="_top"><B>NO FRAMES</B></A> 61 <SCRIPT type="text/javascript"> 62 <!-- 63 if(window==top) { 64 document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>'); 65 } 66 //--> 67</SCRIPT> 68<NOSCRIPT> 69 <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A> 70</NOSCRIPT> 71 72 73</FONT></TD> 74</TR> 75</TABLE> 76<A NAME="skip-navbar_top"></A> 77<!-- ========= END OF TOP NAVBAR ========= --> 78 79<HR> 80<CENTER> 81<H2> 82<B>Uses of Class<br>org.owasp.html.HtmlPolicyBuilder</B></H2> 83</CENTER> 84 85<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 86<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 87<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 88Packages that use <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></FONT></TH> 89</TR> 90<TR BGCOLOR="white" CLASS="TableRowColor"> 91<TD><A HREF="#org.owasp.html"><B>org.owasp.html</B></A></TD> 92<TD>An efficient <A HREF="../../../../org/owasp/html/HtmlSanitizer.html" title="class in org.owasp.html"><CODE>HtmlSanitizer</CODE></A> 93 configurable via a flexible 94 <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><CODE>HtmlPolicyBuilder</CODE></A>. </TD> 95</TR> 96</TABLE> 97 98<P> 99<A NAME="org.owasp.html"><!-- --></A> 100<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 101<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> 102<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> 103Uses of <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A> in <A HREF="../../../../org/owasp/html/package-summary.html">org.owasp.html</A></FONT></TH> 104</TR> 105</TABLE> 106 107<P> 108 109<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> 110<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor"> 111<TH ALIGN="left" COLSPAN="2">Methods in <A HREF="../../../../org/owasp/html/package-summary.html">org.owasp.html</A> that return <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></FONT></TH> 112</TR> 113<TR BGCOLOR="white" CLASS="TableRowColor"> 114<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 115<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 116<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowCommonBlockElements()">allowCommonBlockElements</A></B>()</CODE> 117 118<BR> 119 A canned policy that allows a number of common block elements.</TD> 120</TR> 121<TR BGCOLOR="white" CLASS="TableRowColor"> 122<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 123<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 124<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowCommonInlineFormattingElements()">allowCommonInlineFormattingElements</A></B>()</CODE> 125 126<BR> 127 A canned policy that allows a number of common formatting elements.</TD> 128</TR> 129<TR BGCOLOR="white" CLASS="TableRowColor"> 130<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 131<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 132<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowElements(org.owasp.html.ElementPolicy, java.lang.String...)">allowElements</A></B>(<A HREF="../../../../org/owasp/html/ElementPolicy.html" title="interface in org.owasp.html">ElementPolicy</A> policy, 133 java.lang.String... elementNames)</CODE> 134 135<BR> 136 Allow the given elements with the given policy.</TD> 137</TR> 138<TR BGCOLOR="white" CLASS="TableRowColor"> 139<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 140<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 141<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowElements(java.lang.String...)">allowElements</A></B>(java.lang.String... elementNames)</CODE> 142 143<BR> 144 Allows the named elements.</TD> 145</TR> 146<TR BGCOLOR="white" CLASS="TableRowColor"> 147<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 148<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 149<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowStandardUrlProtocols()">allowStandardUrlProtocols</A></B>()</CODE> 150 151<BR> 152 A canned URL protocol policy that allows <code>http</code>, 153 <code>https</code>, and <code>mailto</code>.</TD> 154</TR> 155<TR BGCOLOR="white" CLASS="TableRowColor"> 156<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 157<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 158<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowStyling()">allowStyling</A></B>()</CODE> 159 160<BR> 161 Convert <code>style="<CSS>"</code> to sanitized CSS which allows 162 color, font-size, type-face, and other styling using the default schema; 163 but which does not allow content to escape its clipping context.</TD> 164</TR> 165<TR BGCOLOR="white" CLASS="TableRowColor"> 166<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 167<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 168<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowStyling(org.owasp.html.CssSchema)">allowStyling</A></B>(<A HREF="../../../../org/owasp/html/CssSchema.html" title="class in org.owasp.html">CssSchema</A> whitelist)</CODE> 169 170<BR> 171 Convert <code>style="<CSS>"</code> to sanitized CSS which allows 172 color, font-size, type-face, and other styling using the given schema.</TD> 173</TR> 174<TR BGCOLOR="white" CLASS="TableRowColor"> 175<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 176<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 177<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowTextIn(java.lang.String...)">allowTextIn</A></B>(java.lang.String... elementNames)</CODE> 178 179<BR> 180 Allows text content in the named elements.</TD> 181</TR> 182<TR BGCOLOR="white" CLASS="TableRowColor"> 183<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 184<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 185<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowUrlProtocols(java.lang.String...)">allowUrlProtocols</A></B>(java.lang.String... protocols)</CODE> 186 187<BR> 188 Adds to the set of protocols that are allowed in URL attributes.</TD> 189</TR> 190<TR BGCOLOR="white" CLASS="TableRowColor"> 191<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 192<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 193<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowWithoutAttributes(java.lang.String...)">allowWithoutAttributes</A></B>(java.lang.String... elementNames)</CODE> 194 195<BR> 196 Assuming the given elements are allowed, allows them to appear without 197 attributes.</TD> 198</TR> 199<TR BGCOLOR="white" CLASS="TableRowColor"> 200<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 201<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 202<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#disallowElements(java.lang.String...)">disallowElements</A></B>(java.lang.String... elementNames)</CODE> 203 204<BR> 205 Disallows the named elements.</TD> 206</TR> 207<TR BGCOLOR="white" CLASS="TableRowColor"> 208<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 209<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 210<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#disallowTextIn(java.lang.String...)">disallowTextIn</A></B>(java.lang.String... elementNames)</CODE> 211 212<BR> 213 </TD> 214</TR> 215<TR BGCOLOR="white" CLASS="TableRowColor"> 216<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 217<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 218<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#disallowUrlProtocols(java.lang.String...)">disallowUrlProtocols</A></B>(java.lang.String... protocols)</CODE> 219 220<BR> 221 Reverses a decision made by <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#allowUrlProtocols(java.lang.String...)"><CODE>allowUrlProtocols(java.lang.String...)</CODE></A>.</TD> 222</TR> 223<TR BGCOLOR="white" CLASS="TableRowColor"> 224<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 225<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 226<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#disallowWithoutAttributes(java.lang.String...)">disallowWithoutAttributes</A></B>(java.lang.String... elementNames)</CODE> 227 228<BR> 229 Disallows the given elements from appearing without attributes.</TD> 230</TR> 231<TR BGCOLOR="white" CLASS="TableRowColor"> 232<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 233<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 234<TD><CODE><B>HtmlPolicyBuilder.AttributeBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#globally()">globally</A></B>()</CODE> 235 236<BR> 237 Allows the given attributes on any elements but filters the 238 attributes' values based on previous calls to <code>matching(...)</code>.</TD> 239</TR> 240<TR BGCOLOR="white" CLASS="TableRowColor"> 241<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 242<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 243<TD><CODE><B>HtmlPolicyBuilder.AttributeBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.AttributeBuilder.html#onElements(java.lang.String...)">onElements</A></B>(java.lang.String... elementNames)</CODE> 244 245<BR> 246 Allows the named attributes on the given elements but filters the 247 attributes' values based on previous calls to <code>matching(...)</code>.</TD> 248</TR> 249<TR BGCOLOR="white" CLASS="TableRowColor"> 250<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> 251<CODE> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html">HtmlPolicyBuilder</A></CODE></FONT></TD> 252<TD><CODE><B>HtmlPolicyBuilder.</B><B><A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html#requireRelNofollowOnLinks()">requireRelNofollowOnLinks</A></B>()</CODE> 253 254<BR> 255 Adds <a href="http://en.wikipedia.org/wiki/Nofollow"><code>rel=nofollow</code></a> 256 to links.</TD> 257</TR> 258</TABLE> 259 260<P> 261<HR> 262 263 264<!-- ======= START OF BOTTOM NAVBAR ====== --> 265<A NAME="navbar_bottom"><!-- --></A> 266<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A> 267<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> 268<TR> 269<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> 270<A NAME="navbar_bottom_firstrow"><!-- --></A> 271<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> 272 <TR ALIGN="center" VALIGN="top"> 273 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> 274 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> 275 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../org/owasp/html/HtmlPolicyBuilder.html" title="class in org.owasp.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A> </TD> 276 <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT> </TD> 277 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> 278 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> 279 <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> 280 </TR> 281</TABLE> 282</TD> 283<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> 284<a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a></EM> 285</TD> 286</TR> 287 288<TR> 289<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 290 PREV 291 NEXT</FONT></TD> 292<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> 293 <A HREF="../../../../index.html?org/owasp/html//class-useHtmlPolicyBuilder.html" target="_top"><B>FRAMES</B></A> 294 <A HREF="HtmlPolicyBuilder.html" target="_top"><B>NO FRAMES</B></A> 295 <SCRIPT type="text/javascript"> 296 <!-- 297 if(window==top) { 298 document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>'); 299 } 300 //--> 301</SCRIPT> 302<NOSCRIPT> 303 <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A> 304</NOSCRIPT> 305 306 307</FONT></TD> 308</TR> 309</TABLE> 310<A NAME="skip-navbar_bottom"></A> 311<!-- ======== END OF BOTTOM NAVBAR ======= --> 312 313<HR> 314 315</BODY> 316</HTML> 317