goog.html.sanitizer.HtmlSanitizer.Builder
The builder for the HTML Sanitizer. All methods except build return this.
new Builder()
Parameters | None. |
---|
Instance Methods
this.addOriginalTagNames() → goog.html.sanitizer.HtmlSanitizer.Builder
Adds the original tag name in the data attribute 'original-tag' when unknown tags are sanitized to <span>, so that the caller can distinguish them from actual <span> tags.
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowCssStyles() → goog.html.sanitizer.HtmlSanitizer.Builder
Allows inline CSS styles.
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowCustomElementTag( customElementTagName, customElementAttributes ) → goog.html.sanitizer.HtmlSanitizer.Builder
Extends the list of allowed custom element tags.
Parameters | customElementTagName, customElementAttributes |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowCustomElementTags( customElementTagWhitelist ) → goog.html.sanitizer.HtmlSanitizer.Builder
Extends the list of allowed custom element tags.
Parameters | customElementTagWhitelist |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowDataAttributes( dataAttributeWhitelist ) → goog.html.sanitizer.HtmlSanitizer.Builder
Extends the list of allowed data attributes.
Parameters | dataAttributeWhitelist |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowFormTag() → goog.html.sanitizer.HtmlSanitizer.Builder
Allows form tags in the HTML. Without this, all form tags and their content will be dropped.
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.allowStyleTag() → goog.html.sanitizer.HtmlSanitizer.Builder
Allows STYLE tags. Note that the sanitizer wraps the output of each call to sanitize with a SPAN tag, gives it a random ID unique across multiple calls, and then restricts all CSS rules found inside STYLE tags to only apply to children of the SPAN tag. This means that CSS rules in STYLE tags will only apply to content provided in the same call to sanitize. This feature is not compatible with inlineStyleRules.
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.alsoAllowAttributesPrivateDoNotAccessOrElse( attrs ) → goog.html.sanitizer.HtmlSanitizer.Builder
Extends the attribute whitelist (Package-internal utility method only).
Parameters | attrs |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.alsoAllowTagsPrivateDoNotAccessOrElse( tags ) → goog.html.sanitizer.HtmlSanitizer.Builder
Extends the tag whitelist (Package-internal utility method only).
Parameters | tags |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.build() → goog.html.sanitizer.HtmlSanitizer
Builds and returns a goog.html.sanitizer.HtmlSanitizer object.
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer |
this.inlineStyleRules() → goog.html.sanitizer.HtmlSanitizer.Builder
Converts rules in STYLE tags into style attributes on the tags they apply to. This feature is not compatible with withStyleContainer and allowStyleTag. This method requires allowCssStyles (otherwise rules would be deleted after being inlined).
Parameters | None. |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.onlyAllowAttributes( attrWhitelist ) → goog.html.sanitizer.HtmlSanitizer.Builder
Allows only the provided whitelist of attributes, possibly setting a custom policy for them. The set of tag/attribute combinations needs to be a subset of the currently allowed combinations.
Note that you cannot define a generic handler for an attribute if only a tag-specific one is present, and vice versa. To configure the sanitizer to accept an attribute only for a specific tag when only a generic handler is whitelisted, use the goog.html.sanitizer.HtmlSanitizerPolicyHints parameter and simply reject the attribute in unwanted tags.
Also note that the sanitizer's policy is still called after the provided one, to ensure that supplying a misconfigured policy cannot introduce vulnerabilities. To completely override an existing attribute policy or to allow new attributes, see the goog.html.sanitizer.unsafe package.
Parameters | attrWhitelist |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
Throws | |
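
The note above that the sanitizer's own policy still runs after the caller's one, modelled as an added example (this is not Closure Library code): a permissive custom href policy is chained in front of a built-in one, and the unsafe value is still dropped. The names builtInPolicies, restrictAttributes and sanitizeAttribute, the 'tag attr' key format and the URL pattern are assumptions made for this illustration.

```javascript
// Illustrative model only; this is not the Closure Library implementation.
// Built-in policies return the accepted value, or null to drop the attribute.
const SAFE_URL = /^(?:https?:|mailto:|[^:/?#]*(?:[/?#]|$))/i;
const builtInPolicies = {
  'a href': (value) => (SAFE_URL.test(value.trim()) ? value.trim() : null),
  '* title': (value) => value,
  '* dir': (value) => (/^(?:ltr|rtl|auto)$/i.test(value) ? value : null),
};

// Model of onlyAllowAttributes: narrow the allowed set, optionally adding a
// custom policy per attribute. Keys outside the current set are rejected.
function restrictAttributes(current, requested) {
  const narrowed = {};
  for (const entry of requested) {
    const key = typeof entry === 'string' ? entry : entry.key;
    const builtIn = current[key];
    if (!builtIn) {
      throw new Error(`"${key}" is not in the currently allowed set`);
    }
    const custom = typeof entry === 'string' ? null : entry.policy;
    // The custom policy runs first; the built-in policy always runs after it.
    narrowed[key] = (value) => {
      const first = custom ? custom(value) : value;
      return first === null ? null : builtIn(first);
    };
  }
  return narrowed;
}

// Apply the policy for one tag/attribute pair; null means "drop the attribute".
function sanitizeAttribute(policies, tag, attr, value) {
  const policy = policies[`${tag} ${attr}`] || policies[`* ${attr}`];
  return policy ? policy(value) : null;
}

// Constructed sample: a custom href policy that forgets to validate anything.
const policies = restrictAttributes(builtInPolicies, [
  { key: 'a href', policy: (value) => value },
  '* title',
]);
```
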
this.onlyAllowTags( tagWhitelist ) → goog.html.sanitizer.HtmlSanitizer.Builder
Allows only the provided whitelist of tags. Tags still need to be in the TagWhitelist to be allowed.
SPAN tags are ALWAYS ALLOWED as part of the mechanism required to preserve the HTML tree structure (when removing non-blacklisted tags and non-whitelisted tags).
Parameters | tagWhitelist |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
Throws | |
this.withCustomNamePolicy( customNamePolicy ) → goog.html.sanitizer.HtmlSanitizer.Builder
Sets a custom name policy.
Parameters | customNamePolicy |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.withCustomNetworkRequestUrlPolicy( customNetworkReqUrlPolicy ) → goog.html.sanitizer.HtmlSanitizer.Builder
Sets a custom network URL policy.
Parameters | customNetworkReqUrlPolicy |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.withCustomTokenPolicy( customTokenPolicy ) → goog.html.sanitizer.HtmlSanitizer.Builder
Sets a custom token policy.
Parameters | customTokenPolicy |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.withCustomUrlPolicy( customUrlPolicy ) → goog.html.sanitizer.HtmlSanitizer.Builder
Sets a custom non-network URL policy.
Parameters | customUrlPolicy |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |
this.withStyleContainer( opt_styleContainer ) → goog.html.sanitizer.HtmlSanitizer.Builder
Fixes the ID of the style container used for CSS rules found in STYLE tags, and disables automatic wrapping with the container. This allows multiple calls to sanitize to share STYLE rules. If opt_styleContainer is missing, the sanitizer will stop restricting the scope of CSS rules altogether. Requires allowStyleTag to be called first.
Parameters | opt_styleContainer |
---|---|
Returns | goog.html.sanitizer.HtmlSanitizer.Builder |