Class HtmlCleaner

java.lang.Object
overit.geocall.ui.cleaner.Cleaner
overit.geocall.ui.cleaner.HtmlCleaner
All Implemented Interfaces:
Serializable

public class HtmlCleaner extends Cleaner
This class implements the Cleaner that performs the sanitization allowing safe html code to be inserted while preventing the insertion of active html (such as scripts). The active html is recognized and deleted from the string.
This type of cleaner must be used only in very special cases where there is an actual need to introduce complex html. In all other cases the RtfCleaner is recommended.
The sanitization is based on the OWASP libraries.
  • Constructor Details

    • HtmlCleaner

      protected HtmlCleaner()
  • Method Details

    • safeCopy

      public Cleaner safeCopy()
      Returns a new instance of the cleaner, totally independent of the original, because the cleaning methodology is not thread safe.
      Specified by:
      safeCopy in class Cleaner
      Returns:
      A new instance of the object totally independent of the original
    • sift

      public String sift(String html)
      Sifts the string to find and remove insecure substrings. The active html is recognized and deleted from the string.
      Allowed elements and attributes for the cleaner
        Category        Allowed elements and attributes
        Global          class, id, lang, title
        Tables          table, tbody, thead, tfoot, tr, td, th, caption, col, colgroup, align, bgcolor, border, cellpadding, cellspacing, width, colspan, rowspan, valign, height, nowrap
        Blocks          p, div, h1, h2, h3, h4, h5, h6, ul, ol, li, blockquote
        Styling         color, font-size, type-face inside the style="" attributes
        Formatting      hr, b, i, font, s, u, o, sup, sub, ins, del, strong, strike, tt, code, big, small, br, span
        Url protocols   cid, http, https, mailto
        Images          src, alt, width, height, vspace, hspace, border, align, dir, longdesc
        Links           a, href, target, name
      Specified by:
      sift in class Cleaner
      Parameters:
      html - The string to be sifted
      Returns:
      The string parameter without the insecure substrings, i.e. the string in which the active html was removed
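      The following is an added usage example, not part of the Javadoc or of the overit.geocall project's own code. It exercises both safeCopy (each worker thread takes its own independent copy, since the Javadoc states the cleaning methodology is not thread safe) and sift (constructed sample markup, some of it allowed by the table above and some of it active html, is passed through the cleaner). Because the page shows no factory for HtmlCleaner and its constructor is protected, the example assumes an anonymous subclass is an acceptable way to obtain the template instance; the looksInert check and the sample strings are the example's own and are not the project's tests.

```java
import overit.geocall.ui.cleaner.Cleaner;
import overit.geocall.ui.cleaner.HtmlCleaner;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.regex.Pattern;

public class HtmlCleanerUsageExample {

    // Assumption: the page shows no factory for HtmlCleaner and its
    // constructor is protected, so the template instance is obtained through
    // an anonymous subclass. Replace with the project's real factory if one
    // exists. The template itself is never used to clean anything directly.
    private static final Cleaner TEMPLATE = new HtmlCleaner() { };

    // Constructed sample inputs: markup the table above allows, and active
    // html (script element, event-handler attribute, javascript: URL) that
    // the Javadoc says sift recognizes and deletes.
    static final List<String> SAMPLES = List.of(
        "<table border=\"1\"><tr><td>cell</td></tr></table>",
        "<p class=\"note\">hello <b>world</b></p>",
        "<p>text<script>alert(1)</script></p>",
        "<div onclick=\"alert(1)\">click</div>",
        "<a href=\"javascript:alert(1)\">link</a>",
        "<a href=\"https://example.invalid/\" target=\"_blank\">ok</a>");

    // Loose sanity check used only to report the result of this example;
    // it flags <script>, on*= attributes and javascript: URLs.
    private static final Pattern ACTIVE = Pattern.compile(
        "(?i)<script|\\son\\w+\\s*=|javascript:");

    static boolean looksInert(String html) {
        return !ACTIVE.matcher(html).find();
    }

    // Each task takes its own safeCopy() so that no two threads ever share
    // one cleaner instance, as the safeCopy Javadoc requires.
    static String cleanInWorker(String html) {
        Cleaner mine = TEMPLATE.safeCopy();
        return mine.sift(html);
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(4);
        List<Future<String>> results = new ArrayList<>();
        for (String sample : SAMPLES) {
            results.add(pool.submit(() -> cleanInWorker(sample)));
        }
        for (int i = 0; i < SAMPLES.size(); i++) {
            String out = results.get(i).get();
            System.out.printf("in : %s%nout: %s%ninert: %b%n%n",
                              SAMPLES.get(i), out, looksInert(out));
        }
        pool.shutdown();
    }
}
```

      The pattern to keep is the one in cleanInWorker: hold one template per application and call safeCopy() at the start of every request or task rather than caching a single HtmlCleaner in a shared field and calling sift on it from several threads.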
    • quote

      public String quote(String html)
      The string is returned as is, because there is no need to quote symbols.
      Specified by:
      quote in class Cleaner
      Parameters:
      html - The string to return
      Returns:
      The parameter as is