A C D E F G H I L M N O P S T U V X

A

ACTION_FILTER - Static variable in class org.owasp.validator.html.Policy

ACTION_TRUNCATE - Static variable in class org.owasp.validator.html.Policy

ACTION_VALIDATE - Static variable in class org.owasp.validator.html.Policy

addAllowedRegExp(Pattern) - Method in class org.owasp.validator.html.model.Attribute

addAllowedRegExp(Pattern) - Method in class org.owasp.validator.html.model.Property

Add the specified value to the allowed list of valid regular expressions.

addAllowedValue(String) - Method in class org.owasp.validator.html.model.Attribute

addAllowedValue(String) - Method in class org.owasp.validator.html.model.Property

Add the specified value to the allowed list of valid values.

addAttribute(Attribute) - Method in class org.owasp.validator.html.model.Tag

Adds a fully-built Attribute to the list of Attributes allowed for this tag.

addErrorMessage(String) - Method in class org.owasp.validator.html.CleanResults

Add an error message to the aggregate list of error messages during filtering.

addShorthandRef(String) - Method in class org.owasp.validator.html.model.Property

Add the specified value to the allowed list of valid shorthand values.

ANCHORS_NOFOLLOW - Static variable in class org.owasp.validator.html.Policy

AntiSamy - Class in org.owasp.validator.html

This is the only class from which the outside world should be calling.

AntiSamy() - Constructor for class org.owasp.validator.html.AntiSamy

AntiSamy(Policy) - Constructor for class org.owasp.validator.html.AntiSamy

AntiSamyDOMScanner - Class in org.owasp.validator.html.scan

This is where the magic lives.

AntiSamyDOMScanner(Policy) - Constructor for class org.owasp.validator.html.scan.AntiSamyDOMScanner

AntiSamyDOMScanner() - Constructor for class org.owasp.validator.html.scan.AntiSamyDOMScanner

AntiSamyPattern - Class in org.owasp.validator.html.model

An extension of the Pattern to give it a "lookup name" that we can use from a centralized store.

AntiSamyPattern(String, Pattern) - Constructor for class org.owasp.validator.html.model.AntiSamyPattern

Constructor for AntiSamyPattern.

ANYTHING_REGEXP - Static variable in class org.owasp.validator.html.Policy

Attribute - Class in org.owasp.validator.html.model

A model for HTML attributes and the "rules" they must follow (either literals or regular expressions) in order to be considered valid.

Attribute(String) - Constructor for class org.owasp.validator.html.model.Attribute

C

CleanResults - Class in org.owasp.validator.html

This class contains the results of a scan.

CleanResults() - Constructor for class org.owasp.validator.html.CleanResults

CleanResults(Date, Date, String, DocumentFragment, ArrayList) - Constructor for class org.owasp.validator.html.CleanResults

CleanResults(Date) - Constructor for class org.owasp.validator.html.CleanResults

This is called at the beginning of the scan to initialize the start time and create a new CleanResults object.

clone() - Method in class org.owasp.validator.html.model.Attribute

We need to implement clone() to make the Policy file work with common attributes and the ability to use a common-attribute with an alternative onInvalid action.

comment(String) - Method in class org.owasp.validator.css.CssHandler

CONNECTION_TIMEOUT - Static variable in class org.owasp.validator.html.Policy

CssHandler - Class in org.owasp.validator.css

A implementation of a SAC DocumentHandler for CSS validation.

CssHandler(Policy, LinkedList, ArrayList, ResourceBundle) - Constructor for class org.owasp.validator.css.CssHandler

Constructs a handler for stylesheets using the given policy and queue for imported stylesheets.

CssHandler(Policy, LinkedList, ArrayList, String, ResourceBundle) - Constructor for class org.owasp.validator.css.CssHandler

Constructs a handler for inline style declarations using the given policy and queue for imported stylesheets.

CssScanner - Class in org.owasp.validator.css

Encapsulates the parsing and validation of a CSS stylesheet or inline declaration.

CssScanner(Policy, ResourceBundle) - Constructor for class org.owasp.validator.css.CssScanner

Constructs a scanner based on the given policy.

CssValidator - Class in org.owasp.validator.css

Encapsulates all the neceesary operations for validating individual eleements of a stylesheet (namely: selectors, conditions and properties).

CssValidator(Policy) - Constructor for class org.owasp.validator.css.CssValidator

Constructs a validator for CSS selectors, conditions and properties based on the given policy.

D

decode(String) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for decode XML entities.

DEFAULT_ENCODING_ALGORITHM - Static variable in class org.owasp.validator.html.scan.AntiSamyDOMScanner

DEFAULT_MAX_INPUT_SIZE - Static variable in class org.owasp.validator.html.Policy

DEFAULT_MAX_STYLESHEET_IMPORTS - Static variable in class org.owasp.validator.html.Policy

E

EMBED_STYLESHEETS - Static variable in class org.owasp.validator.html.Policy

encode(String) - Static method in class org.owasp.validator.html.util.XMLUtil

ENCODE_TAGS - Static variable in class org.owasp.validator.html.Policy

endDocument(InputSource) - Method in class org.owasp.validator.css.CssHandler

endFontFace() - Method in class org.owasp.validator.css.CssHandler

endMedia(SACMediaList) - Method in class org.owasp.validator.css.CssHandler

endPage(String, String) - Method in class org.owasp.validator.css.CssHandler

endSelector(SelectorList) - Method in class org.owasp.validator.css.CssHandler

ERROR_ATTRIBUTE_CAUSE_ENCODE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_ATTRIBUTE_CAUSE_FILTER - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_ATTRIBUTE_INVALID - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_ATTRIBUTE_INVALID_FILTERED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_ATTRIBUTE_INVALID_REMOVED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_ATTRIBUTE_NOT_IN_POLICY - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_COMMENT_REMOVED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_ATTRIBUTE_MALFORMED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_IMPORT_DISABLED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_IMPORT_EXCEEDED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_IMPORT_FAILURE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_IMPORT_INPUT_SIZE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_IMPORT_URL_INVALID - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_MALFORMED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_PROPERTY_INVALID - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_RELATIVE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_RULE_NOTFOUND - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_SELECTOR_DISALLOWED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_CSS_TAG_SELECTOR_NOTFOUND - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_INPUT_SIZE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_NOT_ALLOWED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_PROPERTY_INVALID - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_RELATIVE - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_RULE_NOTFOUND - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_SELECTOR_DISALLOWED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_STYLESHEET_SELECTOR_NOTFOUND - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_TAG_DISALLOWED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_TAG_EMPTY - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_TAG_ENCODED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_TAG_FILTERED - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ERROR_TAG_NOT_IN_POLICY - Static variable in class org.owasp.validator.html.util.ErrorMessageUtil

ErrorMessageUtil - Class in org.owasp.validator.html.util

F

FORMAT_OUTPUT - Static variable in class org.owasp.validator.html.Policy

G

getAction() - Method in class org.owasp.validator.html.model.Tag

getAllowedAttributes() - Method in class org.owasp.validator.html.model.Tag

getAllowedRegExp() - Method in class org.owasp.validator.html.model.Attribute

getAllowedRegExp() - Method in class org.owasp.validator.html.model.Property

Return a List of allowed regular expressions as added by the addAllowedRegExp() method.

getAllowedValues() - Method in class org.owasp.validator.html.model.Attribute

getAllowedValues() - Method in class org.owasp.validator.html.model.Property

getAttributeByName(String) - Method in class org.owasp.validator.html.model.Tag

Returns an Attribute associated with a lookup name.

getAttributeValue(Element, String) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for quickly retrieving an attribute from a given element.

getBooleanValue(Element, String) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for quickly retrieving an boolean value of a given XML element.

getBooleanValue(Element, String, boolean) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for quickly retrieving an boolean value of a given XML element, with a default initialization value passed in a parameter.

getCleanHTML() - Method in class org.owasp.validator.html.CleanResults

Return the filtered HTML as a String.

getCleanStylesheet() - Method in class org.owasp.validator.css.CssHandler

Returns the cleaned stylesheet.

getCleanXMLDocumentFragment() - Method in class org.owasp.validator.html.CleanResults

getDescription() - Method in class org.owasp.validator.html.model.Attribute

getDescription() - Method in class org.owasp.validator.html.model.Property

getDirective(String) - Method in class org.owasp.validator.html.Policy

Return a directive value based on a lookup name.

getEndOfScan() - Method in class org.owasp.validator.html.CleanResults

Return the time when scan finished.

getErrorMessages() - Method in class org.owasp.validator.css.CssHandler

Returns the error messages generated during parsing.

getErrorMessages() - Method in class org.owasp.validator.html.CleanResults

Return a list of error messages.

getGlobalAttributeByName(String) - Method in class org.owasp.validator.html.Policy

A simple method for returning on of the entries by name.

getInputEncoding() - Method in class org.owasp.validator.html.AntiSamy

getInstance() - Static method in class org.owasp.validator.html.Policy

This retrieves a Policy based on a default location ("resources/antisamy.xml")

getInstance(String) - Static method in class org.owasp.validator.html.Policy

This retrieves a Policy based on the file name passed in

getInstance(File) - Static method in class org.owasp.validator.html.Policy

This retrieves a Policy based on the File object passed in

getInstance(InputStream) - Static method in class org.owasp.validator.html.Policy

This retrieves a Policy based on the InputStream object passed in

getIntValue(Element, String, int) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for quickly retrieving an integer value of a given XML element.

getMaxInputSize() - Method in class org.owasp.validator.html.Policy

Returns the maximum input size.

getMessage(ResourceBundle, String, Object[]) - Static method in class org.owasp.validator.html.util.ErrorMessageUtil

getName() - Method in class org.owasp.validator.html.model.AntiSamyPattern

getName() - Method in class org.owasp.validator.html.model.Attribute

getName() - Method in class org.owasp.validator.html.model.Property

getName() - Method in class org.owasp.validator.html.model.Tag

getNumberOfErrors() - Method in class org.owasp.validator.html.CleanResults

Return the number of errors encountered during filtering.

getOnInvalid() - Method in class org.owasp.validator.html.model.Attribute

getOnInvalid() - Method in class org.owasp.validator.html.model.Property

getOutputEncoding() - Method in class org.owasp.validator.html.AntiSamy

getPattern() - Method in class org.owasp.validator.html.model.AntiSamyPattern

getPolicy() - Method in class org.owasp.validator.html.AntiSamy

getPropertyByName(String) - Method in class org.owasp.validator.html.Policy

Retrieves a CSS Property from the Policy.

getRegularExpression() - Method in class org.owasp.validator.html.model.Tag

Returns a regular expression for validating individual tags.

getRegularExpression(String) - Method in class org.owasp.validator.html.Policy

A simple method for returning on of the entries by name.

getResults() - Method in class org.owasp.validator.html.scan.AntiSamyDOMScanner

getScanTime() - Method in class org.owasp.validator.html.CleanResults

Return the time elapsed during the scan.

getSelectorName() - Method in exception org.owasp.validator.css.UnknownSelectorException

getShorthandRefs() - Method in class org.owasp.validator.html.model.Property

getStartOfScan() - Method in class org.owasp.validator.html.CleanResults

Return the time when scan started.

getTagByName(String) - Method in class org.owasp.validator.html.Policy

Retrieves a Tag from the Policy.

getTags() - Method in class org.owasp.validator.html.Policy

Return all the tags accepted by the Policy object.

getTextValue(Element, String) - Static method in class org.owasp.validator.html.util.XMLUtil

Helper function for quickly retrieving a String value of a given XML element.

H

htmlEntityEncode(String) - Static method in class org.owasp.validator.html.util.HTMLEntityEncoder

A helper method for HTML entity-encoding a String value.

HTMLEntityEncoder - Class in org.owasp.validator.html.util

HTMLEntityEncoder() - Constructor for class org.owasp.validator.html.util.HTMLEntityEncoder

I

ignorableAtRule(String) - Method in class org.owasp.validator.css.CssHandler

importStyle(String, SACMediaList, String) - Method in class org.owasp.validator.css.CssHandler

initializeErrors() - Method in class org.owasp.validator.html.scan.AntiSamyDOMScanner

isTagInListToEncode(String) - Method in class org.owasp.validator.html.Policy

isValidCondition(String, Condition) - Method in class org.owasp.validator.css.CssValidator

Determines whether the given condition is valid according to this validator's policy.

isValidProperty(String, LexicalUnit) - Method in class org.owasp.validator.css.CssValidator

Determines whether the given property (both name and value) are valid according to this validator's policy.

isValidSelector(String, Selector) - Method in class org.owasp.validator.css.CssValidator

Determines whether the given selector name is valid according to this validator's policy.

L

lexicalValueToString(LexicalUnit) - Method in class org.owasp.validator.css.CssValidator

Converts the given lexical unit to a String representation.

M

main(String[]) - Static method in class org.owasp.validator.css.CssScanner

Deprecated.

main(String[]) - Static method in class org.owasp.validator.html.AntiSamy

Main method for testing AntiSamy.

main(String[]) - Static method in class org.owasp.validator.html.Policy

Main test unit.

main(String[]) - Static method in class org.owasp.validator.html.scan.AntiSamyDOMScanner

This method replaces all entity codes with a normalized version of all entity references contained in order to reduce our encoding/parsing attack surface.

MAX_INPUT_SIZE - Static variable in class org.owasp.validator.html.Policy

N

namespaceDeclaration(String, String) - Method in class org.owasp.validator.css.CssHandler

O

OMIT_DOCTYPE_DECLARATION - Static variable in class org.owasp.validator.html.Policy

OMIT_XML_DECLARATION - Static variable in class org.owasp.validator.html.Policy

org.owasp.validator.css - package org.owasp.validator.css

org.owasp.validator.html - package org.owasp.validator.html

org.owasp.validator.html.model - package org.owasp.validator.html.model

org.owasp.validator.html.scan - package org.owasp.validator.html.scan

org.owasp.validator.html.util - package org.owasp.validator.html.util

P

Policy - Class in org.owasp.validator.html

Policy.java This file holds the model for our policy engine.

PolicyException - Exception in org.owasp.validator.html

This exception gets thrown when there is a problem validating or parsing the policy file.

PolicyException(Exception) - Constructor for exception org.owasp.validator.html.PolicyException

PolicyException(String) - Constructor for exception org.owasp.validator.html.PolicyException

PRESERVE_COMMENTS - Static variable in class org.owasp.validator.html.Policy

PRESERVE_SPACE - Static variable in class org.owasp.validator.html.Policy

property(String, LexicalUnit, boolean) - Method in class org.owasp.validator.css.CssHandler

Property - Class in org.owasp.validator.html.model

A model for CSS properties and the "rules" they must follow (either literals or regular expressions) in order to be considered valid.

Property(String) - Constructor for class org.owasp.validator.html.model.Property

S

scan(String) - Method in class org.owasp.validator.html.AntiSamy

The meat and potatoes.

scan(String, Policy) - Method in class org.owasp.validator.html.AntiSamy

This method wraps scan() using the Policy object passed in.

scan(String, String) - Method in class org.owasp.validator.html.AntiSamy

This method wraps scan() using the Policy object passed in.

scan(String, File) - Method in class org.owasp.validator.html.AntiSamy

This method wraps scan() using the policy File object passed in.

scan(String, String, String) - Method in class org.owasp.validator.html.scan.AntiSamyDOMScanner

This is where the magic lives.

ScanException - Exception in org.owasp.validator.html

This exception gets thrown when there is an unexpected error parsing the tainted HTML.

ScanException(Exception) - Constructor for exception org.owasp.validator.html.ScanException

ScanException(String) - Constructor for exception org.owasp.validator.html.ScanException

scanInlineStyle(String, String, int) - Method in class org.owasp.validator.css.CssScanner

Scans the contents of an inline style declaration (ex.

scanStyleSheet(String, int) - Method in class org.owasp.validator.css.CssScanner

Scans the contents of a full stylesheet (ex.

setAction(String) - Method in class org.owasp.validator.html.model.Tag

setAllowedAttributes(HashMap) - Method in class org.owasp.validator.html.model.Tag

setAllowedRegExp(List) - Method in class org.owasp.validator.html.model.Attribute

setAllowedRegExp(List) - Method in class org.owasp.validator.html.model.Property

Set a new List of allowed regular expressions.

setAllowedValues(List) - Method in class org.owasp.validator.html.model.Attribute

setAllowedValues(List) - Method in class org.owasp.validator.html.model.Property

Set a new List of allowed literal values.

setCleanHTML(String) - Method in class org.owasp.validator.html.CleanResults

setDescription(String) - Method in class org.owasp.validator.html.model.Attribute

setDescription(String) - Method in class org.owasp.validator.html.model.Property

setDirective(String, String) - Method in class org.owasp.validator.html.Policy

Set a directive for a value based on a name.

setInputEncoding(String) - Method in class org.owasp.validator.html.AntiSamy

setName(String) - Method in class org.owasp.validator.html.model.AntiSamyPattern

setName(String) - Method in class org.owasp.validator.html.model.Attribute

setName(String) - Method in class org.owasp.validator.html.model.Tag

setOnInvalid(String) - Method in class org.owasp.validator.html.model.Attribute

setOnInvalid(String) - Method in class org.owasp.validator.html.model.Property

setOutputEncoding(String) - Method in class org.owasp.validator.html.AntiSamy

setPattern(Pattern) - Method in class org.owasp.validator.html.model.AntiSamyPattern

setPolicy(Policy) - Method in class org.owasp.validator.html.AntiSamy

setResults(CleanResults) - Method in class org.owasp.validator.html.scan.AntiSamyDOMScanner

setShorthandRefs(List) - Method in class org.owasp.validator.html.model.Property

Set a new List of allowed shorthand references.

startDocument(InputSource) - Method in class org.owasp.validator.css.CssHandler

startFontFace() - Method in class org.owasp.validator.css.CssHandler

startMedia(SACMediaList) - Method in class org.owasp.validator.css.CssHandler

startPage(String, String) - Method in class org.owasp.validator.css.CssHandler

startSelector(SelectorList) - Method in class org.owasp.validator.css.CssHandler

T

Tag - Class in org.owasp.validator.html.model

A model for HTML "tags" and the rules dictating their validation/filtration.

Tag(String) - Constructor for class org.owasp.validator.html.model.Tag

Constructor.

U

UnknownSelectorException - Exception in org.owasp.validator.css

UnknownSelectorException(String) - Constructor for exception org.owasp.validator.css.UnknownSelectorException

USE_XHTML - Static variable in class org.owasp.validator.html.Policy

V

VALIDATE_PARAM_AS_EMBED - Static variable in class org.owasp.validator.html.Policy

X

XMLUtil - Class in org.owasp.validator.html.util

XMLUtil() - Constructor for class org.owasp.validator.html.util.XMLUtil

A C D E F G H I L M N O P S T U V X