Provided by: kaya_0.4.4-6ubuntu3_amd64 bug

NAME
       HTMLDocument::WhiteList - Elements to allow in String->HTML conversion


SYNOPSIS
       HTMLDocument::WhiteList< >

     = UltraSafe()

     | InlineOnly(HTMLDocument::ConversionSafety sa)

     | AllElements(HTMLDocument::ConversionSafety sb)

     | Unchecked()

     | CustomWhitelist(Dict::Dict<String, [String]>  whitelist)


DESCRIPTION
       When  converting  from a String to HTML, rather than simply adding a String to an existing
       element where it will be escaped, the elements allowed in the conversion should depend  on
       how trustworthy the String is. Generally, any unauthenticated user-supplied data should be
       treated extremely cautiously, and even authenticated user-supplied data should be  treated
       with some caution in case the authentication is broken.

       Use  of  String  to  HTML  conversion  allows  potential  for cross-site scripting attacks
       ⟨http://www.cert.org/archive/pdf/cross_site_scripting.pdf⟩   against   your   application,
       especially if the allowed element list is generous.

     -  UltraSafe - removes all tags and attributes. This differs from adding the string directly
     as text, which escapes them. This conversion method is immune to cross-site scripting.

     - InlineOnly - allows only inline elements.

     - AllElements - allows inline and block elements.

     - Unchecked - allows all tags and attributes. Use this only on completely trusted  data,  as
     it  allows  trivial cross-site scripting attacks if an attacker can control the String being
     converted.

     - CustomWhitelist - create your own whitelist of elements. The whitelist  is  a  Dict(3kaya)
     with  the allowed elements as the key and the list of allowed attributes for that element as
     the value. The string "*" will match any element as the key, or any attribute as an item  in
     the  value  list,  which  is  generally  not  a good idea for anything other than completely
     trusted data.

       For  the   InlineOnly   and   AllElements   options,   you   also   need   to   select   a
       HTMLDocument.ConversionSafety (3kaya)


AUTHORS
       Kaya  standard  library  by  Edwin Brady, Chris Morris and others (kaya@kayalang.org). For
       further information see http://kayalang.org/


LICENSE
       The Kaya standard library is free software; you can redistribute it and/or modify it under
       the  terms  of the GNU Lesser General Public License (version 2.1 or any later version) as
       published by the Free Software Foundation.


RELATED
       HTMLDocument.ConversionSafety (3kaya)
       HTMLDocument.readFromString (3kaya)