Class SimpleHtmlSanitizer

  • All Implemented Interfaces:
    HtmlSanitizer

    public final class SimpleHtmlSanitizer
    extends java.lang.Object
    implements HtmlSanitizer
    A simple and relatively inexpensive HTML sanitizer.

    This sanitizer accepts the subset of HTML consisting of the following attribute-free tags:

    • <b>, <em>, <i>
    • <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
    • <ul>, <ol>, <li>
    • <br>, <hr>, <strong>
    as well as numeric HTML entities and HTML entity references. Any HTML metacharacters that do not appear as part of markup in this subset will be HTML-escaped.
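    As an added illustration (not GWT's own code), the following Python model implements the policy described above and applied by sanitizeHtml: an exact whitelisted tag with no attributes passes through, well-formed entity references are kept, and every other `<`, `>`, `&` and quote is escaped rather than stripped. The split-on-`<` parsing, case-sensitive tag matching and the entity regex are this model's assumptions, not a guarantee of byte-for-byte agreement with the library.

```python
import html
import re

# Attribute-free tag whitelist as documented above; matching is exact
# (case-sensitive) in this model, which is an assumption.
ALLOWED_TAGS = {"b", "em", "i", "h1", "h2", "h3", "h4", "h5", "h6",
                "ul", "ol", "li", "br", "hr", "strong"}

# Assumed entity syntax: named, decimal numeric, or hex numeric references.
ENTITY_RE = re.compile(r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def escape_allow_entities(text: str) -> str:
    """Escape HTML metacharacters but keep well-formed entity references."""
    out, pos = [], 0
    for m in ENTITY_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        out.append(m.group(0))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


def simple_sanitize(untrusted: str) -> str:
    """Model of the documented policy: keep exact whitelisted tags, escape the rest."""
    segments = untrusted.split("<")
    out = [escape_allow_entities(segments[0])]
    for seg in segments[1:]:
        end = seg.find(">")
        if end > 0:
            closing = seg.startswith("/")
            name = seg[1:end] if closing else seg[:end]
            if name in ALLOWED_TAGS:
                # Exact tag with no attributes: emitted verbatim.
                out.append(("</" if closing else "<") + name + ">")
                out.append(escape_allow_entities(seg[end + 1:]))
                continue
        # Unknown tag, attributes present, or no '>': escape the '<' and
        # everything after it rather than stripping it.
        out.append("&lt;" + escape_allow_entities(seg))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs showing what survives and what is escaped.
    for sample in ["<b>bold</b>", "<script>alert(1)</script>",
                   '<b onmouseover="x">hi</b>', "a &amp; b &#x3c; c & d"]:
        print(repr(sample), "->", repr(simple_sanitize(sample)))
```

    Note that a whitelisted tag carrying any attribute is treated as text, not as markup, so the whole opening tag is escaped while its bare closing tag still passes.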
    • Method Detail

      • getInstance

        public static SimpleHtmlSanitizer getInstance()
        Return a singleton SimpleHtmlSanitizer instance.
        Returns:
        the instance
      • sanitizeHtml

        public static SafeHtml sanitizeHtml(java.lang.String html)
        HTML-sanitizes a string.

        The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

        Parameters:
        html - the input String
        Returns:
        a sanitized SafeHtml instance
      • sanitize

        public SafeHtml sanitize(java.lang.String html)
        Description copied from interface: HtmlSanitizer
        Sanitizes a string into SafeHtml.
        Specified by:
        sanitize in interface HtmlSanitizer
        Parameters:
        html - String containing untrusted HTML.
        Returns:
        Contents of html, sanitized according to the policy implemented by this sanitizer.