Class ExpandedHtmlSanitizer

  • All Implemented Interfaces:
    com.google.gwt.safehtml.shared.HtmlSanitizer

    public final class ExpandedHtmlSanitizer
    extends Object
    implements com.google.gwt.safehtml.shared.HtmlSanitizer
An expanded HTML sanitizer based on SimpleHtmlSanitizer, but with a larger set of formatting tags that makes it more useful in practice. These tags were judged safe after a manual review, taken from the full tag list at http://www.w3schools.com/tags/, of formatting tags that are useful without any attributes.

    This sanitizer accepts only the following subset of HTML tags and only when used with no attributes:

    • <b>, <big>, <del>, <em>, <i>, <ins>, <mark>, <s>, <small>, <strike>, <strong>, <sub>, <sup>, <u>
    • <br>, <div>, <center>, <hr>, <p>, <span>
    • <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
    • <dd>, <dir>, <dl>, <dt>, <li>, <ol>, <ul>
    • <address>, <article>, <aside>, <blockquote>, <cite>, <code>, <details>, <dfn>, <footer>, <header>, <kbd>, <main>, <pre>, <q>, <samp>, <section>, <summary>, <tt>
    • <table>, <tbody>, <td>, <tfoot>, <th>, <thead>, <tr>
    • <bdi>, <rp>, <rt>, <ruby>, <wbr>
    as well as numeric HTML entities and HTML entity references. Any HTML metacharacter that does not form part of markup in this subset is escaped.
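    The following is an added Python model of the filtering rule described above (keep only bare opening and closing tags from the allowlist, escape every other metacharacter, pass well-formed entity references through); it is an illustration written for this page, not the GWT implementation, and it assumes case-sensitive, lowercase tag matching.

```python
import re

# Tag allowlist copied from the class documentation above: lowercase names, used without attributes.
ALLOWED_TAGS = frozenset("""
b big del em i ins mark s small strike strong sub sup u
br div center hr p span
h1 h2 h3 h4 h5 h6
dd dir dl dt li ol ul
address article aside blockquote cite code details dfn footer header kbd main pre q samp section summary tt
table tbody td tfoot th thead tr
bdi rp rt ruby wbr
""".split())

# Well-formed entity references: named (&amp;), decimal (&#60;) or hexadecimal (&#x3C;).
_ENTITY = re.compile(r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def _escape_all(text: str) -> str:
    """Escape every HTML metacharacter, including the ampersand."""
    return (text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
            .replace('"', "&quot;").replace("'", "&#39;"))


def escape_allow_entities(text: str) -> str:
    """Escape metacharacters but pass well-formed entity references through unchanged."""
    out, pos = [], 0
    for m in _ENTITY.finditer(text):
        out.append(_escape_all(text[pos:m.start()]))
        out.append(m.group(0))
        pos = m.end()
    out.append(_escape_all(text[pos:]))
    return "".join(out)


def sanitize_html(html: str) -> str:
    """Allowlist sanitizer modelled on the behaviour documented above (assumed, not GWT's code).

    Splits on '<'; a segment is kept as markup only if it is exactly <tag> or </tag>
    with an allowed tag name and nothing else before '>'. Anything else (attributes,
    unknown tags, a stray '<') is escaped, so no attribute can ever reach the output.
    """
    segments = html.split("<")
    out = [escape_allow_entities(segments[0])]
    for seg in segments[1:]:
        end = seg.find(">")
        is_close = seg.startswith("/")
        tag = seg[1 if is_close else 0:end] if end > 0 else None
        if tag in ALLOWED_TAGS:  # None and names carrying attributes are never in the set
            out.append(("</" if is_close else "<") + tag + ">")
            out.append(escape_allow_entities(seg[end + 1:]))
        else:
            out.append("&lt;" + escape_allow_entities(seg))
    return "".join(out)
```

    Note that a closing tag from the allowlist is kept even when its opening tag was escaped for carrying attributes; the output is still inert, just not balanced markup.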
    • Method Detail

      • getInstance

        public static ExpandedHtmlSanitizer getInstance()
        Returns a singleton ExpandedHtmlSanitizer instance.
        Returns:
        the instance
      • sanitizeHtml

        public static com.google.gwt.safehtml.shared.SafeHtml sanitizeHtml(String html)
        HTML-sanitizes a string.

        The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

        Parameters:
        html - the input String
        Returns:
        a sanitized SafeHtml instance
      • sanitize

        public com.google.gwt.safehtml.shared.SafeHtml sanitize(String html)
        Specified by:
        sanitize in interface com.google.gwt.safehtml.shared.HtmlSanitizer