public final class SimpleHtmlSanitizer extends java.lang.Object implements HtmlSanitizer
This sanitizer accepts the subset of HTML consisting of the following attribute-free tags:
<b>, <em>, <i>
<h1>, <h2>, <h3>, <h4>, <h5>, <h6>
<ul>, <ol>, <li>
<br>, <hr>, <strong>
Modifier and Type | Method and Description |
---|---|
static SimpleHtmlSanitizer | getInstance() Return a singleton SimpleHtmlSanitizer instance. |
SafeHtml | sanitize(java.lang.String html) Sanitizes a string into SafeHtml. |
static SafeHtml | sanitizeHtml(java.lang.String html) HTML-sanitizes a string. |
public static SimpleHtmlSanitizer getInstance()

public static SafeHtml sanitizeHtml(java.lang.String html)
The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.
Parameters: html - the input String

public SafeHtml sanitize(java.lang.String html)
Description copied from interface: HtmlSanitizer
Sanitizes a string into SafeHtml.
Specified by: sanitize in interface HtmlSanitizer
Parameters: html - String containing untrusted HTML.
Returns: html, sanitized according to the policy implemented by this sanitizer.