public final class SimpleHtmlSanitizer
extends Object
implements HtmlSanitizer

java.lang.Object
   ↳ com.google.gwt.safehtml.shared.SimpleHtmlSanitizer

Class Overview

A simple and relatively inexpensive HTML sanitizer.

This sanitizer accepts the subset of HTML consisting of the following attribute-free tags:

  • <b>, <em>, <i>
  • <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
  • <ul>, <ol>, <li>
  • <hr>
as well as numeric HTML entities and HTML entity references. Any HTML metacharacters that do not appear as part of markup in this subset will be HTML-escaped.
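The policy described above, as an added standalone model (not GWT's own SimpleHtmlSanitizer code) that shows what passes through and what gets escaped on constructed untrusted input; case-insensitive tag matching and the escaping of quote characters are assumptions, since the page only lists the accepted tags.

```python
import re

# Attribute-free tags the documented policy accepts (opening and closing forms).
ALLOWED_TAGS = {"b", "em", "i", "h1", "h2", "h3", "h4", "h5", "h6",
                "ul", "ol", "li", "hr"}

# One token per match: a bare tag, an entity, a single metacharacter,
# or a run of ordinary text. Alternatives are tried in this order.
TOKEN = re.compile(
    r"</?([A-Za-z][A-Za-z0-9]*)>"                            # group 1: tag, no attributes
    r"|&(#[0-9]+|#[xX][0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);"   # group 2: numeric or named entity
    r"|[<>&\"']"                                             # a lone metacharacter
    r"|[^<>&\"']+"                                           # ordinary text
)

# Quote escaping is an assumption; the page only promises that metacharacters are escaped.
ESCAPES = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&#39;"}


def sanitize(html: str) -> str:
    """Model of the documented policy: allow-listed bare tags and well-formed
    entities pass through unchanged; every other metacharacter is escaped."""
    out = []
    for m in TOKEN.finditer(html):
        tag, entity = m.group(1), m.group(2)
        if tag is not None and tag.lower() in ALLOWED_TAGS:   # case-insensitivity assumed
            out.append(m.group(0))
        elif entity is not None:
            out.append(m.group(0))
        else:
            # Disallowed tags like <script> land here and are escaped char by char.
            out.append("".join(ESCAPES.get(c, c) for c in m.group(0)))
    return "".join(out)


if __name__ == "__main__":
    # Constructed samples of untrusted input.
    for sample in ("<b>bold</b> &amp; <i>ok</i>",
                   "<script>alert(1)</script>",
                   '<b onclick="x">y</b>',
                   "a < b && c &#169; &copy;"):
        print(repr(sample), "->", repr(sanitize(sample)))
```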

Summary

Public Methods
static SimpleHtmlSanitizer getInstance()
Return a singleton SimpleHtmlSanitizer instance.
SafeHtml sanitize(String html)
Sanitizes a string into SafeHtml.
static SafeHtml sanitizeHtml(String html)
HTML-sanitizes a string.
Inherited Methods
From class java.lang.Object
From interface com.google.gwt.safehtml.shared.HtmlSanitizer

Public Methods

public static SimpleHtmlSanitizer getInstance ()

Return a singleton SimpleHtmlSanitizer instance.

Returns
  • the instance

public SafeHtml sanitize (String html)

Sanitizes a string into SafeHtml.

Parameters
html String containing untrusted HTML.
Returns
  • Contents of html, sanitized according to the policy implemented by this sanitizer.

public static SafeHtml sanitizeHtml (String html)

HTML-sanitizes a string.

The input string is processed as described above. The result of sanitizing the string is guaranteed to be safe to use (with respect to XSS vulnerabilities) in HTML contexts, and is returned as an instance of the SafeHtml type.

Parameters
html the input String
Returns
  • a sanitized SafeHtml instance