Class HtmlSanitizer


  • public final class HtmlSanitizer
    extends java.lang.Object
    Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static interface  HtmlSanitizer.Policy
      Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow.
    • Constructor Summary

      Constructors 
      Constructor Description
      HtmlSanitizer()  
    • Method Summary

      Modifier and Type Method Description
      static void sanitize(java.lang.String html, HtmlSanitizer.Policy policy)
      Sanitizes the given HTML by applying the given policy to it.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • HtmlSanitizer

        public HtmlSanitizer()
    • Method Detail

      • sanitize

        public static void sanitize(@Nullable
                                    java.lang.String html,
                                    HtmlSanitizer.Policy policy)
        Sanitizes the given HTML by applying the given policy to it.

        This method is not in the TCB (trusted computing base).

        This method has no return value since policies are assumed to render things they accept and do nothing on things they reject. Use HtmlStreamRenderer to render content to an output buffer.

        Parameters:
        html - A snippet of HTML to sanitize. null is treated as the empty string and will not result in a NullPointerException.
        policy - The Policy that will receive events based on the tokens in html. Typically, this policy ends up routing the events to an HtmlStreamRenderer after filtering. HtmlPolicyBuilder provides an easy way to create policies.
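
An end-to-end call to sanitize, added here as an example and not taken from the project's own documentation: a policy built with HtmlPolicyBuilder filters the events and forwards what it accepts to an HtmlStreamRenderer that writes into a StringBuilder. The class name, the sanitizeComment helper, the allowlist and the sample input are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;

// Hypothetical class name; not part of the library.
public class SanitizeExample {

  /** Sanitizes untrusted HTML against a small allowlist and returns the rendered text. */
  static String sanitizeComment(String untrustedHtml, List<String> badHtmlLog) {
    StringBuilder out = new StringBuilder();

    // The renderer is the only component that writes output. Its second
    // argument is a Handler<String> that is told about input it refuses to emit.
    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(out, badHtmlLog::add);

    // Allowlist policy (assumed for this example): elements and attributes not
    // named here are rejected by the policy and never reach the renderer.
    HtmlSanitizer.Policy policy = new HtmlPolicyBuilder()
        .allowElements("a", "b", "i", "p")
        .allowAttributes("href").onElements("a")
        .allowStandardUrlProtocols()
        .requireRelNofollowOnLinks()
        .build(renderer);

    // sanitize() returns nothing; the accepted content is whatever the
    // renderer appended to 'out' while the policy processed the events.
    HtmlSanitizer.sanitize(untrustedHtml, policy);
    return out.toString();
  }

  public static void main(String[] args) {
    List<String> badHtml = new ArrayList<>();

    // Constructed sample input mixing allowed and disallowed constructs.
    String input = "<p onclick=\"x()\">Hi <b>there</b><script>x()</script> "
        + "<a href=\"javascript:x()\">bad link</a> "
        + "<a href=\"https://example.com/\">good link</a></p>";

    System.out.println("sanitized: " + sanitizeComment(input, badHtml));
    // A null input is treated as the empty string, so this does not throw.
    System.out.println("null in:   [" + sanitizeComment(null, badHtml) + "]");
    System.out.println("renderer complaints: " + badHtml);
  }
}
```

Only the StringBuilder contents should be written to the page; the original input string is still untrusted after the call.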