Package org.apache.ofbiz.base.html
Class CustomSafePolicy
- java.lang.Object
-
- org.apache.ofbiz.base.html.CustomSafePolicy
-
- All Implemented Interfaces:
SanitizerCustomPolicy
public class CustomSafePolicy extends java.lang.Object implements SanitizerCustomPolicy
Based on the AntiSamy Slashdot example. Slashdot (http://www.slashdot.org/) is a techie news site that allows users to respond anonymously to news posts with very limited HTML markup. Now Slashdot is not only one of the coolest sites around, it's also one that's been subject to many different successful attacks. Even more unfortunate is the fact that most of the attacks led users to the infamous goatse.cx picture (please don't go look it up). The rules for Slashdot are fairly strict: users can only submit the following HTML tags and no CSS:<b>
,<u>
,<i>
,<a>
,<blockquote>
. Accordingly, we've built a policy file that allows fairly similar functionality. All text-formatting tags that operate directly on the font, color or emphasis have been allowed.
-
-
Field Summary
Fields Modifier and Type Field Description static org.owasp.html.PolicyFactory
POLICY_DEFINITION
A policy that can be used to produce policies that sanitize to HTML sinks viaPolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver)
.
-
Constructor Summary
Constructors Constructor Description CustomSafePolicy()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description org.owasp.html.PolicyFactory
getSanitizerPolicy()
Used for getting the policy from the custom class which implements this interface
-
-
-
Method Detail
-
getSanitizerPolicy
public org.owasp.html.PolicyFactory getSanitizerPolicy()
Description copied from interface:SanitizerCustomPolicy
Used for getting the policy from the custom class which implements this interface- Specified by:
getSanitizerPolicy
in interfaceSanitizerCustomPolicy
- Returns:
- the policy specified in the class will be returned
-
-