public final class ExpandedHtmlSanitizer extends Object

SimpleHtmlSanitizer, but with a larger set of formatting tags that make this sanitizer more useful. These tags were determined to be safe by conducting a manual review of formatting tags that don't require attributes to be useful, from the full list of tags at: http://www.w3schools.com/tags/

This sanitizer accepts only the following subset of HTML tags, and only when used with no attributes:
<b>, <big>, <del>, <em>, <i>, <ins>, <mark>, <s>, <small>, <strike>, <strong>, <sub>, <sup>, <u>
<br>, <div>, <center>, <hr>, <p>, <span>
<h1>, <h2>, <h3>, <h4>, <h5>, <h6>
<dd>, <dir>, <dl>, <dt>, <li>, <ol>, <ul>
<address>, <article>, <aside>, <blockquote>, <cite>, <code>, <details>, <dfn>, <footer>, <header>, <kbd>, <main>, <pre>, <q>, <samp>, <section>, <summary>, <tt>
<table>, <tbody>, <td>, <tfoot>, <th>, <thead>, <tr>
<bdi>, <rp>, <rt>, <ruby>, <wbr>
Modifier and Type | Method and Description
---|---
static ExpandedHtmlSanitizer | getInstance(): Return a singleton ExpandedHtmlSanitizer instance.
SafeHtml | sanitize(String html)
static SafeHtml | sanitizeHtml(String html): HTML-sanitizes a string.
public static ExpandedHtmlSanitizer getInstance()

Return a singleton ExpandedHtmlSanitizer instance.

public static SafeHtml sanitizeHtml(String html)

HTML-sanitizes a string. The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

Parameters:
html - the input String

public SafeHtml sanitize(String html)
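The tag whitelist and the no-attributes rule documented above, as an added reference implementation in Python (not the project's Java code): a tag survives only when it appears as a bare `<tag>` or `</tag>` from the listed set, and every other `<` is HTML-escaped. The optional `rejected` list and the sample input are assumptions added here for illustration.

```python
import html
import re
from typing import List, Optional

# Tag whitelist copied from the class description above; each tag is accepted only
# as a bare "<tag>" or "</tag>" carrying no attributes.
ALLOWED_TAGS = frozenset("""
b big del em i ins mark s small strike strong sub sup u
br div center hr p span h1 h2 h3 h4 h5 h6
dd dir dl dt li ol ul
address article aside blockquote cite code details dfn footer header kbd main pre q samp
section summary tt
table tbody td tfoot th thead tr
bdi rp rt ruby wbr
""".split())

# A chunk (the text after a "<") counts as a tag only if it starts with an optional "/",
# a tag name and then immediately ">": whitespace, attributes or "/" before ">" all fail.
_BARE_TAG = re.compile(r"^(/?)([A-Za-z][A-Za-z0-9]*)>")


def sanitize_html(text: str, rejected: Optional[List[str]] = None) -> str:
    """Keep only whitelisted attribute-free tags; HTML-escape every other "<".

    If `rejected` (assumed helper, not part of the documented API) is given, the raw
    text of each escaped tag-like chunk up to its first ">" is appended to it, which
    is useful for logging what the input tried to include.
    """
    parts = text.split("<")
    out = [html.escape(parts[0], quote=True)]  # text before the first "<" is plain
    for chunk in parts[1:]:
        m = _BARE_TAG.match(chunk)
        if m and m.group(2).lower() in ALLOWED_TAGS:
            # Keep the tag verbatim ("<b>", "</b>") and escape the text that follows it.
            out.append("<" + chunk[:m.end()] + html.escape(chunk[m.end():], quote=True))
        else:
            if rejected is not None and (chunk[:1].isalpha() or chunk.startswith("/")):
                rejected.append("<" + chunk.split(">", 1)[0] + ">")
            out.append(html.escape("<" + chunk, quote=True))  # neutralise the whole chunk
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: allowed markup, a tag with an attribute, an unlisted tag, a stray "<".
    seen: List[str] = []
    sample = '<b>bold</b> <span style="color:red">x</span> <script>alert(1)</script> 1 < 2'
    print(sanitize_html(sample, seen))
    print("rejected:", seen)
```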
Copyright © 2018. All rights reserved.