001/*
002 * (C) Copyright 2006-2010 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Florent Guillaume
016 */
017package org.nuxeo.ecm.platform.htmlsanitizer;
018
019import org.nuxeo.ecm.core.api.DocumentModel;
020
021/**
022 * Service that sanitizes some HTML fields to remove potential cross-site scripting attacks in them. Which fields are covered is decided by the service configuration (not visible here), so a field outside that configuration should not be assumed to have been sanitized.
023 */
024public interface HtmlSanitizerService {
025
026    /**
027     * Sanitizes a document's fields, depending on the service configuration. NOTE(review): the method returns void, so the cleaned values are presumably written back into {@code doc} in place; which fields are touched and whether the caller must still save the document depend on the implementation - confirm.
028     */
029    void sanitizeDocument(DocumentModel doc);
030
031    /**
032     * Sanitizes a string and returns the result; callers should store or render the returned value, not the original {@code html}.
033     *
034     * @param html the string to sanitize, to be treated as untrusted markup (null handling is not specified by this interface - TODO confirm with the implementation)
035     * @param info additional info logged when something is sanitized; because it ends up in logs, keep secrets out of it, and note that whether the implementation escapes it before logging is not visible here
036     * @return the sanitized string
037     */
038    String sanitizeString(String html, String info);
039
040}