Class SimpleHtmlSanitizer

java.lang.Object
com.google.gwt.safehtml.shared.SimpleHtmlSanitizer
All Implemented Interfaces:
HtmlSanitizer

public final class SimpleHtmlSanitizer extends Object implements HtmlSanitizer
A simple and relatively inexpensive HTML sanitizer.

This sanitizer accepts the subset of HTML consisting of the following attribute-free tags:

  • <b>, <em>, <i>
  • <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
  • <ul>, <ol>, <li>
  • <br>, <hr>, <strong>
as well as numeric HTML entities and HTML entity references. Any HTML metacharacters that do not appear as part of markup in this subset will be HTML-escaped.

Method Details
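As an added illustration of the policy described above (not GWT's own source), the following Python reimplementation keeps the listed attribute-free tags and entity references verbatim and escapes every other HTML metacharacter, which is what makes an attribute-bearing `<b onclick=...>` or a `<script>` tag come out inert. Case-insensitive tag matching with lower-case output, and escaping of quotes, are choices of this version, not documented GWT behaviour.

```python
import re

# The attribute-free tags the documented policy accepts (from the page).
ALLOWED_TAGS = frozenset({"b", "em", "i", "h1", "h2", "h3", "h4", "h5", "h6",
                          "ul", "ol", "li", "br", "hr", "strong"})

# An opening or closing tag with a bare name and no attributes, e.g. <b> or </li>.
_TAG_RE = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)>")
# A numeric character reference (&#169; / &#xA9;) or a named entity reference (&copy;).
_ENTITY_RE = re.compile(r"&(?:#[0-9]+|#[xX][0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);")
# Metacharacters escaped whenever they are not part of accepted markup.
_ESCAPES = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&#39;"}


def sanitize_html(html: str) -> str:
    """Return html with allowed tags and entity references kept as-is and
    every other metacharacter escaped (assumption: tag names are matched
    case-insensitively and emitted in lower case)."""
    out = []
    i, n = 0, len(html)
    while i < n:
        ch = html[i]
        if ch == "<":
            m = _TAG_RE.match(html, i)
            # Only a bare <tag> or </tag> whose name is on the allow-list passes.
            if m and m.group(1).lower() in ALLOWED_TAGS:
                closing = html[i + 1] == "/"
                out.append(("</" if closing else "<") + m.group(1).lower() + ">")
                i = m.end()
                continue
        elif ch == "&":
            m = _ENTITY_RE.match(html, i)
            if m:  # a well-formed entity reference is passed through verbatim
                out.append(m.group(0))
                i = m.end()
                continue
        out.append(_ESCAPES.get(ch, ch))
        i += 1
    return "".join(out)


# Constructed sample input: user-supplied markup containing an injection attempt.
UNTRUSTED = '<b>Hello</b> &amp; <script>alert(1)</script><b onclick="x">t</b>'

if __name__ == "__main__":
    print(sanitize_html(UNTRUSTED))
```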

    • getInstance

      public static SimpleHtmlSanitizer getInstance()
Returns the singleton SimpleHtmlSanitizer instance.
      Returns:
      the instance
    • sanitizeHtml

      public static SafeHtml sanitizeHtml(String html)
      HTML-sanitizes a string.

      The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

      Parameters:
      html - the input String
      Returns:
      a sanitized SafeHtml instance
    • sanitize

      public SafeHtml sanitize(String html)
      Description copied from interface: HtmlSanitizer
      Sanitizes a string into SafeHtml.
      Specified by:
      sanitize in interface HtmlSanitizer
      Parameters:
      html - String containing untrusted HTML.
      Returns:
      Contents of html, sanitized according to the policy implemented by this sanitizer.