Interface ContentSecurityPolicyHTMLRewriter


public interface ContentSecurityPolicyHTMLRewriter
Author:
Iván Zaera Avellón
  • Method Summary

    Modifier and Type
    Method
    Description
    rewriteInlineEventHandlers(String html, javax.servlet.http.HttpServletRequest httpServletRequest, boolean recursive)
    Transform a fragment of HTML extracting all inline event handlers (e.g.: onclick, onfocus, etc.) to a <script> node so that restrictive content security policies like script-src-attr 'none'; do not prevent their execution.
  • Method Details

    • rewriteInlineEventHandlers

      String rewriteInlineEventHandlers(String html, javax.servlet.http.HttpServletRequest httpServletRequest, boolean recursive)
      Transform a fragment of HTML extracting all inline event handlers (e.g.: onclick, onfocus, etc.) to a <script> node so that restrictive content security policies like script-src-attr 'none'; do not prevent their execution.
      Parameters:
      html - the HTML to transform
      httpServletRequest - needed to obtain the content security policy nonce to use in the <script> node
      recursive - whether to rewrite all nodes or only the top level ones
      Returns:
      the transformed HTML