http, https, and mailto.
style="<CSS>" to simple non-JS containing <font> tags to allow color, font-size, typeface, and other styling.
<p>, <h1>, etc.
</foo> is seen in the input.
allow.
HtmlPolicyBuilder.allowUrlProtocols(java.lang.String...).
<b>, <i>, etc.
matching(...).
HtmlSanitizer.
<img> elements from HTTP, HTTPS, and relative sources.
allow* calls.
allow* calls to those matching the pattern.
allow* calls to those matching the given predicate.
allow* calls to those supplied.
allow* calls to those supplied.
matching(...).
<foo bar=baz> is seen in the input.
HtmlSanitizer configurable via a flexible HtmlPolicyBuilder.
sanitize method and a and method to compose policies.
rel=nofollow to links.
style="..." attributes.
HtmlPolicyBuilder.build(org.owasp.html.HtmlStreamEventReceiver) but can be reused to create many different policies each backed by a different output channel.