Provided by: kaya_0.4.4-6ubuntu3_amd64
HTMLDocument::WhiteList - Elements to allow in String->HTML conversion
HTMLDocument::WhiteList< > = UltraSafe() | InlineOnly(HTMLDocument::ConversionSafety sa) | AllElements(HTMLDocument::ConversionSafety sb) | Unchecked() | CustomWhitelist(Dict::Dict<String, [String]> whitelist)
When converting from a String to HTML, rather than simply adding a String to an existing element where it will be escaped, the elements allowed in the conversion should depend on how trustworthy the String is. Generally, any unauthenticated user-supplied data should be treated extremely cautiously, and even authenticated user-supplied data should be treated with some caution in case the authentication is broken. Use of String to HTML conversion allows potential for cross-site scripting attacks ⟨http://www.cert.org/archive/pdf/cross_site_scripting.pdf⟩ against your application, especially if the allowed element list is generous. - UltraSafe - removes all tags and attributes. This differs from adding the string directly as text, which escapes them. This conversion method is immune to cross-site scripting. - InlineOnly - allows only inline elements. - AllElements - allows inline and block elements. - Unchecked - allows all tags and attributes. Use this only on completely trusted data, as it allows trivial cross-site scripting attacks if an attacker can control the String being converted. - CustomWhitelist - create your own whitelist of elements. The whitelist is a Dict(3kaya) with the allowed elements as the key and the list of allowed attributes for that element as the value. The string "*" will match any element as the key, or any attribute as an item in the value list, which is generally not a good idea for anything other than completely trusted data. For the InlineOnly and AllElements options, you also need to select a HTMLDocument.ConversionSafety (3kaya)
Kaya standard library by Edwin Brady, Chris Morris and others (email@example.com). For further information see http://kayalang.org/
The Kaya standard library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License (version 2.1 or any later version) as published by the Free Software Foundation.
HTMLDocument.ConversionSafety (3kaya) HTMLDocument.readFromString (3kaya)