org.pkl.thirdparty.commonmark.renderer.html.UrlSanitizer Maven / Gradle / Ivy
Fat Jar containing pkl-cli, pkl-codegen-java, pkl-codegen-kotlin, pkl-config-java, pkl-core, pkl-doc, and their shaded third-party dependencies.
package org.pkl.thirdparty.commonmark.renderer.html;

import org.pkl.thirdparty.commonmark.node.Image;
import org.pkl.thirdparty.commonmark.node.Link;

/**
 * Sanitizes urls for img and a elements by whitelisting protocols.
 * This is intended to prevent XSS payloads like [Click this totally safe url](javascript:document.xss=true;)
 *
 * Implementation based on https://github.com/OWASP/java-html-sanitizer/blob/f07e44b034a45d94d6fd010279073c38b6933072/src/main/java/org/owasp/html/FilterUrlByProtocolAttributePolicy.java
 *
 * @since 0.14.0
 */
public interface UrlSanitizer {
    /**
     * Sanitize a url for use in the href attribute of a {@link Link}.
     *
     * @param url Link to sanitize
     * @return Sanitized link
     */
    String sanitizeLinkUrl(String url);

    /**
     * Sanitize a url for use in the src attribute of a {@link Image}.
     *
     * @param url Link to sanitize
     * @return Sanitized link {@link Image}
     */
    String sanitizeImageUrl(String url);
}
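One way to satisfy this contract with a scheme allowlist, as an added example that is not code from pkl-tools or commonmark-java. The class name `AllowlistUrlSanitizer`, the permitted scheme sets and the sample inputs are assumptions; the class mirrors the two interface methods so it compiles without the jar on the classpath.

```java
import java.util.Locale;
import java.util.Set;

// Added example, not the pkl or commonmark implementation. Class name and
// scheme sets are assumptions; add "implements UrlSanitizer" to plug it in.
public class AllowlistUrlSanitizer {
    private static final Set<String> LINK_SCHEMES = Set.of("http", "https", "mailto");
    private static final Set<String> IMAGE_SCHEMES = Set.of("http", "https");

    public String sanitizeLinkUrl(String url) {
        return filter(url, LINK_SCHEMES);
    }

    public String sanitizeImageUrl(String url) {
        return filter(url, IMAGE_SCHEMES);
    }

    private static String filter(String url, Set<String> allowed) {
        // Browsers drop tab, CR and LF anywhere in a URL and trim leading
        // control characters and spaces, so normalize before reading the scheme.
        String u = url.replaceAll("[\\t\\r\\n]", "").replaceAll("^[\\x00-\\x20]+", "");
        for (int i = 0; i < u.length(); i++) {
            char c = u.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                return u; // path, query or fragment before any colon: relative URL
            }
            if (c == ':') {
                String scheme = u.substring(0, i).toLowerCase(Locale.ROOT);
                return allowed.contains(scheme) ? u : ""; // empty string drops the target
            }
        }
        return u; // no colon at all: relative URL
    }

    public static void main(String[] args) {
        AllowlistUrlSanitizer s = new AllowlistUrlSanitizer();
        String[] samples = { // constructed sample inputs
            "https://example.com/a?b=c",
            "/docs/page#section",
            "javascript:document.xss=true;",
            " JaVa\tScRiPt:document.xss=true;",
            "mailto:user@example.com",
        };
        for (String url : samples) {
            System.out.printf("%-34s link=[%s] image=[%s]%n",
                url.replace("\t", "\\t"), s.sanitizeLinkUrl(url), s.sanitizeImageUrl(url));
        }
    }
}
```

Comparing against an allowlist after normalization, rather than searching for `javascript:`, is what makes the mixed-case and embedded-tab variants fail closed along with any scheme not explicitly permitted.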