org.owasp.validator.html.scan
Class AntiSamyDOMScanner

java.lang.Object
  org.owasp.validator.html.scan.AntiSamyDOMScanner

public class AntiSamyDOMScanner
extends Object

This is where the magic lives. All the scanning/filtration logic resides here, but it should not be called directly. All scanning should be done through a AntiSamy.scan() method.

Author:

Arshan Dabirsiaghi

Field Summary

static String

ENCODING_ALGORITHM

Constructor Summary

AntiSamyDOMScanner()

AntiSamyDOMScanner(Policy policy)

Method Summary

CleanResults	getResults()
static void	main(String[] args) This method replaces all entity codes with a normalized version of all entity references contained in order to reduce our encoding/parsing attack surface.
CleanResults	scan(String html) This is where the magic lives.
void	setResults(CleanResults results)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENCODING_ALGORITHM

public static final String ENCODING_ALGORITHM

See Also:

Constant Field Values

Constructor Detail

AntiSamyDOMScanner

public AntiSamyDOMScanner(Policy policy)

AntiSamyDOMScanner

public AntiSamyDOMScanner()
                   throws PolicyException

Throws:

PolicyException

Method Detail

scan

public CleanResults scan(String html)
                  throws ScanException

This is where the magic lives.

Parameters:

html - A String whose contents we want to scan.

Returns:

A CleanResults object with an XMLDocumentFragment object and its String representation, as well as some scan statistics.

Throws:

ScanException

main

public static void main(String[] args)
                 throws PolicyException

This method replaces all entity codes with a normalized version of all entity references contained in order to reduce our encoding/parsing attack surface.

Parameters:

txt - The string to be normalized.

Throws:

PolicyException

getResults

public CleanResults getResults()

setResults

public void setResults(CleanResults results)