Package com.sencha.gxt.core.shared

Class ExpandedHtmlSanitizer

java.lang.Object
    com.sencha.gxt.core.shared.ExpandedHtmlSanitizer

All Implemented Interfaces:
    com.google.gwt.safehtml.shared.HtmlSanitizer

public final class ExpandedHtmlSanitizer extends Object implements com.google.gwt.safehtml.shared.HtmlSanitizer
An expanded HTML sanitizer based on SimpleHtmlSanitizer, but with a larger set of formatting tags that make this sanitizer more useful. These tags were determined to be safe by conducting a manual review of formatting tags that don't require attributes to be useful, taken from the full list of tags at http://www.w3schools.com/tags/

This sanitizer accepts only the following subset of HTML tags, and only when used with no attributes:

<b>, <big>, <del>, <em>, <i>, <ins>, <mark>, <s>, <small>, <strike>, <strong>, <sub>, <sup>, <u>
<br>, <div>, <center>, <hr>, <p>, <span>
<h1>, <h2>, <h3>, <h4>, <h5>, <h6>
<dd>, <dir>, <dl>, <dt>, <li>, <ol>, <ul>
<address>, <article>, <aside>, <blockquote>, <cite>, <code>, <details>, <dfn>, <footer>, <header>, <kbd>, <main>, <pre>, <q>, <samp>, <section>, <summary>, <tt>
<table>, <tbody>, <td>, <tfoot>, <th>, <thead>, <tr>
<bdi>, <rp>, <rt>, <ruby>, <wbr>
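The tag list above is an allowlist, and the rule the page states (a tag is accepted only when it is exactly one of these names with no attributes; everything else is treated as text) is what makes the sanitizer's output safe as HTML element content. The Java below is an added illustration of that allowlist approach written for this page; it is not GXT's ExpandedHtmlSanitizer or GWT's SimpleHtmlSanitizer. The class name AllowlistSanitizerExample, the reduced allowlist, and the sample inputs in main are all constructed for the example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Illustration of an allowlist-based HTML sanitizer in the style described
 * on this page: every '<' is escaped unless it opens or closes one of the
 * allowed tags written with no attributes. Example code for this page only,
 * not GXT's or GWT's implementation.
 */
public final class AllowlistSanitizerExample {

  // A subset of the tags listed on this page (assumption: a real allowlist
  // would carry the full set). Lower-case only: matching is case-sensitive,
  // which is the conservative choice made by this example.
  private static final Set<String> ALLOWED_TAGS = new HashSet<>(Arrays.asList(
      "b", "em", "i", "strong", "u", "br", "div", "p", "span",
      "h1", "h2", "h3", "ul", "ol", "li", "pre", "code", "table", "tr", "td"));

  private AllowlistSanitizerExample() {}

  /** Escapes the five characters that matter in an HTML text context. */
  static String escape(String s) {
    StringBuilder out = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '&': out.append("&amp;"); break;
        case '<': out.append("&lt;"); break;
        case '>': out.append("&gt;"); break;
        case '"': out.append("&quot;"); break;
        case '\'': out.append("&#39;"); break;
        default: out.append(c);
      }
    }
    return out.toString();
  }

  /**
   * Splits the input at every '<'. The first segment has no '<' in front of
   * it and is escaped as plain text. Each later segment begins where a '<'
   * stood; the text up to the first '>' is the candidate tag name (with an
   * optional leading '/'). It is re-emitted as markup only if it is exactly
   * an allowed name, so a tag carrying any attribute fails the lookup and is
   * escaped along with the rest of the segment.
   */
  static String sanitize(String html) {
    String[] segments = html.split("<", -1);
    StringBuilder out = new StringBuilder(html.length());
    out.append(escape(segments[0]));
    for (int i = 1; i < segments.length; i++) {
      String segment = segments[i];
      int nameStart = segment.startsWith("/") ? 1 : 0;
      int tagEnd = segment.indexOf('>');
      boolean allowed = tagEnd > nameStart
          && ALLOWED_TAGS.contains(segment.substring(nameStart, tagEnd));
      if (allowed) {
        // Emit "<tag>" or "</tag>" verbatim, then escape the text after it.
        out.append('<').append(segment, 0, tagEnd + 1)
           .append(escape(segment.substring(tagEnd + 1)));
      } else {
        // Not an allowed bare tag: the '<' becomes text with everything else.
        out.append("&lt;").append(escape(segment));
      }
    }
    return out.toString();
  }

  public static void main(String[] args) {
    // Constructed sample inputs covering the cases the allowlist must handle.
    String[] inputs = {
        "plain <b>bold</b> text",          // allowed tags survive
        "<b onclick=\"f()\">styled</b>",   // attribute present: opening tag escaped
        "<script>f()</script>",            // not on the allowlist: escaped
        "<BR>",                            // wrong case: escaped
        "1 < 2 && 2 > 1",                  // stray '<' in text: escaped
        "unterminated <",                  // trailing '<' with no '>'
    };
    for (String in : inputs) {
      System.out.println(in + "  =>  " + sanitize(in));
    }
  }
}
```

Two properties of this design are worth seeing in the output: an allowed tag that carries any attribute comes out as escaped text while its bare closing tag is kept (an unmatched `</b>` is harmless as content), and the result is safe only as element content, since neither this example nor the approach it illustrates says anything about attribute-value, URL or script contexts.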
Method Summary

static ExpandedHtmlSanitizer getInstance()
    Return a singleton ExpandedHtmlSanitizer instance.

com.google.gwt.safehtml.shared.SafeHtml sanitize(String html)

static com.google.gwt.safehtml.shared.SafeHtml sanitizeHtml(String html)
    HTML-sanitizes a string.
Method Detail

getInstance

public static ExpandedHtmlSanitizer getInstance()

Return a singleton ExpandedHtmlSanitizer instance.

Returns:
    the instance

sanitizeHtml

public static com.google.gwt.safehtml.shared.SafeHtml sanitizeHtml(String html)

HTML-sanitizes a string. The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

Parameters:
    html - the input String
Returns:
    a sanitized SafeHtml instance

sanitize

public com.google.gwt.safehtml.shared.SafeHtml sanitize(String html)

Specified by:
    sanitize in interface com.google.gwt.safehtml.shared.HtmlSanitizer