Provided by: kaya_0.4.4-6ubuntu3_amd64 bug

NAME
       HTMLDocument::WhiteList - Elements to allow in String->HTML conversion


SYNOPSIS
       HTMLDocument::WhiteList< >

     = UltraSafe()

     | InlineOnly(HTMLDocument::ConversionSafety sa)

     | AllElements(HTMLDocument::ConversionSafety sb)

     | Unchecked()

     | CustomWhitelist(Dict::Dict<String, [String]>  whitelist)


DESCRIPTION
       When converting from a String to HTML, rather than simply adding a String to an existing element where it
       will  be  escaped, the elements allowed in the conversion should depend on how trustworthy the String is.
       Generally, any unauthenticated user-supplied data  should  be  treated  extremely  cautiously,  and  even
       authenticated  user-supplied  data  should  be  treated  with  some caution in case the authentication is
       broken.

       Use of  String  to  HTML  conversion  allows  potential  for  cross-site scripting attacks  against  your
       application, especially if the allowed element list is generous.

     -  UltraSafe - removes all tags and attributes. This differs from adding the string directly as text, which
     escapes them. This conversion method is immune to cross-site scripting.

     - InlineOnly - allows only inline elements.

     - AllElements - allows inline and block elements.

     - Unchecked - allows all tags and attributes. Use this only  on  completely  trusted  data,  as  it  allows
     trivial cross-site scripting attacks if an attacker can control the String being converted.

     -  CustomWhitelist - create your own whitelist of elements. The whitelist is a Dict(3kaya) with the allowed
     elements as the key and the list of allowed attributes for that element as the value. The string  "*"  will
     match  any element as the key, or any attribute as an item in the value list, which is generally not a good
     idea for anything other than completely trusted data.

       For the InlineOnly and AllElements options, you  also  need  to  select  a  HTMLDocument.ConversionSafety
       (3kaya)


AUTHORS
       Kaya  standard  library  by  Edwin  Brady,  Chris  Morris  and  others  (kaya@kayalang.org).  For further
       information see http://kayalang.org/


LICENSE
       The Kaya standard library is free software; you can redistribute it and/or modify it under the  terms  of
       the  GNU  Lesser  General  Public  License  (version  2.1  or any later version) as published by the Free
       Software Foundation.


RELATED
       HTMLDocument.ConversionSafety (3kaya)
       HTMLDocument.readFromString (3kaya)

Kaya                                                July 2013                      HTMLDocument.WhiteList(3kaya)