@Component(value="cuba_HtmlSanitizer")
public class HtmlSanitizer
extends java.lang.Object
The default policy factory contains special policies for the font element, because the RichTextArea component supports the font element as value. The default policy factory also contains policies that are not included in the standard Sanitizers.

Modifier and Type | Field and Description |
---|---|
protected static java.lang.String | A_ELEMENT_NAME |
protected static java.lang.String | CLASS_ATTRIBUTE_NAME |
protected static java.util.regex.Pattern | CLASS_PATTERN |
protected static java.lang.String | CLASS_REGEXP: Html class regexp. |
protected static com.google.common.collect.ImmutableSet<java.lang.String> | DEFAULT_WHITELIST: The additional css schema whitelist that was not included in the default whitelist in Sanitizers.STYLES. |
protected static java.lang.String | FONT_COLOR_ATTRIBUTE_NAME |
protected static java.util.regex.Pattern | FONT_COLOR_PATTERN |
protected static java.lang.String | FONT_COLOR_REGEXP: Font color regexp. |
protected static java.lang.String | FONT_FACE_ATTRIBUTE_NAME |
protected static java.util.regex.Pattern | FONT_FACE_PATTERN |
protected static java.lang.String | FONT_FACE_REGEXP: Font face regexp. |
protected static java.lang.String | FONT_SIZE_ATTRIBUTE_NAME |
protected static java.util.regex.Pattern | FONT_SIZE_PATTERN |
protected static java.lang.String | FONT_SIZE_REGEXP: Font size regexp. |
protected static java.lang.String | HREF_ATTRIBUTE_NAME |
static java.lang.String | NAME |
protected static java.lang.String | NOOPENNER_REL_VALUE |
protected static java.lang.String | NOREFERRER_REL_VALUE |
protected org.owasp.html.PolicyFactory | policyFactory |
protected static java.lang.String | TARGET_ATTRIBUTE_NAME |
protected static com.google.common.collect.ImmutableSet<java.lang.String> | TARGET_ATTRIBUTE_VALUES |

Constructor and Description |
---|
HtmlSanitizer() |

Modifier and Type | Method and Description |
---|---|
protected com.google.common.collect.ImmutableMap<java.lang.String,org.owasp.html.CssSchema.Property> | getAdditionalStylePolicies() |
org.owasp.html.PolicyFactory | getPolicyFactory() |
protected void | initDefaultPolicyFactory(): Initializes the default policy factory, which is used to produce HTML sanitizer policies that sanitize a string of HTML. |
java.lang.String | sanitize(java.lang.String html): Sanitizes a string of HTML according to the factory's policy. |
void | setPolicyFactory(org.owasp.html.PolicyFactory policyFactory): Sets policy factory. |

public static final java.lang.String NAME
protected static final java.lang.String FONT_SIZE_REGEXP
Regexp explanation:
- `[0-7]` - matches a number in the range 0 to 7
- `|` - acts like a boolean OR
- `[+-]?(?:[0-9]+)` - matches a relative font size value

Example: `<font size="7"/>`

protected static final java.util.regex.Pattern FONT_SIZE_PATTERN
protected static final java.lang.String FONT_SIZE_ATTRIBUTE_NAME
protected static final java.lang.String FONT_FACE_REGEXP
Regexp explanation:
- `[\w;, \-]+` - matches font names separated by comma or semicolon

Example: `<font face="Verdana"/>`

protected static final java.util.regex.Pattern FONT_FACE_PATTERN
protected static final java.lang.String FONT_FACE_ATTRIBUTE_NAME
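
An added example, not part of the CUBA sources: how value patterns like FONT_SIZE_REGEXP and FONT_FACE_REGEXP can be applied to the font element with the OWASP `HtmlPolicyBuilder`, and the result handed to `setPolicyFactory`. The class name `FontPolicyExample`, the sample inputs and the use of `matching(Pattern)` are assumptions; the two expressions are reassembled from the regexp explanations on this page.

```java
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class FontPolicyExample {
    // Reassembled from the explanations on this page (assumed to be the full expressions).
    static final Pattern FONT_SIZE = Pattern.compile("[0-7]|[+-]?(?:[0-9]+)");
    static final Pattern FONT_FACE = Pattern.compile("[\\w;, \\-]+");

    // Allow-list: only <font>, and only size/face values accepted by the patterns.
    // matching(Pattern) keeps a value only when the whole value matches, so the
    // expressions need no ^...$ anchors.
    static PolicyFactory fontPolicy() {
        return new HtmlPolicyBuilder()
                .allowElements("font")
                .allowAttributes("size").matching(FONT_SIZE).onElements("font")
                .allowAttributes("face").matching(FONT_FACE).onElements("font")
                .toFactory();
    }

    public static void main(String[] args) {
        PolicyFactory policy = fontPolicy();
        // Constructed sample inputs.
        String[] samples = {
            "<font size=\"7\">plain size</font>",
            "<font size=\"+2\" face=\"Verdana, Arial\">relative size</font>",
            // The second alternative accepts any run of digits, not only 0 to 7.
            "<font size=\"999\">large size</font>",
            // Values outside the patterns: the attribute is removed.
            "<font size=\"7px\" face=\"a&quot;b\">bad values</font>",
            // Attributes and elements that are not allow-listed are removed.
            "<font face=\"Arial\" onclick=\"x()\">handler</font><script>x()</script>"
        };
        for (String html : samples) {
            System.out.println(html + "\n  => " + policy.sanitize(html));
        }
    }
}
```

A factory built this way can be combined with other factories through `PolicyFactory.and(...)` before it is passed to `setPolicyFactory`.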

protected static final java.lang.String FONT_COLOR_REGEXP
Regexp explanation:
- `(#(?:[0-9a-f]{2}){2,4}|(#[0-9a-f]{3})` - matches hexadecimal color
- `|` - acts like a boolean OR
- `(rgb|hsl)a?\((-?\d+%?[,\s]+){2,3}\s*[d\.]+%?\)` - matches RGB, RGBA, HSL, HSLA colors
- `"color_name"` - matches color by name

Example: `<font color="#0000ff"/>`

protected static final java.util.regex.Pattern FONT_COLOR_PATTERN
protected static final java.lang.String FONT_COLOR_ATTRIBUTE_NAME

protected static final java.lang.String CLASS_REGEXP
Regexp explanation:
- `a-zA-Z` - matches a single character in the range: a-z, A-Z
- `0-9` - matches a single character in the range: 0-9
- `,` - matches a comma character
- `\\s` - matches any whitespace character
- `\\-` - matches a dash character
- `_` - matches an underscore character
- `[]+` - matches between one and unlimited times

Example: `<div class="v-app"/>`

protected static final java.util.regex.Pattern CLASS_PATTERN
protected static final java.lang.String CLASS_ATTRIBUTE_NAME
protected static final java.lang.String A_ELEMENT_NAME
protected static final java.lang.String HREF_ATTRIBUTE_NAME
protected static final java.lang.String TARGET_ATTRIBUTE_NAME
protected static final com.google.common.collect.ImmutableSet<java.lang.String> TARGET_ATTRIBUTE_VALUES
protected static final java.lang.String NOOPENNER_REL_VALUE
protected static final java.lang.String NOREFERRER_REL_VALUE
protected static final com.google.common.collect.ImmutableSet<java.lang.String> DEFAULT_WHITELIST
The additional css schema whitelist that was not included in the default whitelist in Sanitizers.STYLES.

protected org.owasp.html.PolicyFactory policyFactory

public java.lang.String sanitize(@Nullable java.lang.String html)
html - the string of HTML to sanitize

@Nonnull public org.owasp.html.PolicyFactory getPolicyFactory()

public void setPolicyFactory(@Nonnull org.owasp.html.PolicyFactory policyFactory)
policyFactory - a policy factory

protected void initDefaultPolicyFactory()

protected com.google.common.collect.ImmutableMap<java.lang.String,org.owasp.html.CssSchema.Property> getAdditionalStylePolicies()
Sanitizers.STYLES.