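<!doctype html>
<!--NewPage-->
<!--
  Javadoc page for org.owasp.html.examples.EbayPolicyExample.
  Fixes over the generated output: the "<a>" tag name in the class
  description is now entity-escaped (it was emitted as a live anchor and
  rendered as nothing), the unquoted target=_top attributes are quoted,
  the DL/PRE nesting in the class signature is repaired, the inline
  onload="" handler and document.writeln() calls are replaced by a single
  script block so the page can be served under a CSP that forbids inline
  event handlers (the script itself can be hash-allow-listed), and the
  presentational FONT/BGCOLOR/BORDER markup is dropped in favour of the
  classes that ../../../../stylesheet.css already styles.
-->
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>EbayPolicyExample (OWASP Java HTML Sanitizer)</title>
  <link rel="stylesheet" href="../../../../stylesheet.css" title="Style">
  <script>
    // Frame support: when this page is shown inside the javadoc frameset
    // (the URL does not carry is-external=true) copy the page title to the
    // frameset document so the browser tab shows the class name.
    function windowTitle() {
      if (location.href.indexOf('is-external=true') == -1) {
        parent.document.title = "EbayPolicyExample (OWASP Java HTML Sanitizer)";
      }
    }

    // The "All Classes" links only make sense when this page is the top
    // window (outside the frameset).  They are always present in the markup,
    // which keeps the no-JavaScript behaviour (link visible), and are hidden
    // here when the page is inside a frame.  This replaces the original
    // document.writeln() calls.
    function hideAllClassesLinksInFrames() {
      if (window != top) {
        var links = document.querySelectorAll('.all-classes-link');
        for (var i = 0; i < links.length; i++) {
          links[i].hidden = true;
        }
      }
    }

    // Registered as a listener rather than an onload="" attribute so no
    // inline event handler is needed.
    window.addEventListener('load', function () {
      windowTitle();
      hideAllClassesLinksInFrames();
    });
  </script>
</head>

<body>
<hr>

<!-- ========= START OF TOP NAVBAR ======= -->
<nav id="navbar_top" aria-label="Top navigation">
  <a href="#skip-navbar_top" title="Skip navigation links">Skip navigation links</a>
  <!-- Layout table inherited from the javadoc template; marked presentational
       so assistive technology does not announce it as a data table. -->
  <table role="presentation">
    <tr>
      <td colspan="2" class="NavBarCell1" id="navbar_top_firstrow">
        <table role="presentation">
          <tr>
            <td class="NavBarCell1"><a href="../../../../overview-summary.html"><strong class="NavBarFont1">Overview</strong></a></td>
            <td class="NavBarCell1"><a href="package-summary.html"><strong class="NavBarFont1">Package</strong></a></td>
            <td class="NavBarCell1Rev"><strong class="NavBarFont1Rev">Class</strong></td>
            <td class="NavBarCell1"><a href="class-use/EbayPolicyExample.html"><strong class="NavBarFont1">Use</strong></a></td>
            <td class="NavBarCell1"><a href="package-tree.html"><strong class="NavBarFont1">Tree</strong></a></td>
            <td class="NavBarCell1"><a href="../../../../deprecated-list.html"><strong class="NavBarFont1">Deprecated</strong></a></td>
            <td class="NavBarCell1"><a href="../../../../index-files/index-1.html"><strong class="NavBarFont1">Index</strong></a></td>
          </tr>
        </table>
      </td>
      <td rowspan="3">
        <em><a href="https://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
      </td>
    </tr>

    <tr>
      <td class="NavBarCell2">
        <small>
          PREV CLASS
          <a href="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples"><b>NEXT CLASS</b></a>
        </small>
      </td>
      <td class="NavBarCell2">
        <small>
          <a href="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top"><b>FRAMES</b></a>
          <a href="EbayPolicyExample.html" target="_top"><b>NO FRAMES</b></a>
          <a class="all-classes-link" href="../../../../allclasses-noframe.html"><b>All Classes</b></a>
        </small>
      </td>
    </tr>

    <tr>
      <td class="NavBarCell3">
        <small>
          SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a>
        </small>
      </td>
      <td class="NavBarCell3">
        <small>
          DETAIL: <a href="#field_detail">FIELD</a> | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a>
        </small>
      </td>
    </tr>
  </table>
  <span id="skip-navbar_top"></span>
</nav>
<!-- ========= END OF TOP NAVBAR ========= -->

<hr>
<!-- ======== START OF CLASS DATA ======== -->
<main>
  <h2>
    <small>org.owasp.html.examples</small>
    <br>
    Class EbayPolicyExample
  </h2>
  <pre>
java.lang.Object
  <img src="../../../../resources/inherit.gif" alt="extended by "><b>org.owasp.html.examples.EbayPolicyExample</b>
  </pre>
  <hr>
  <dl>
    <dt><pre>public class <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><b>EbayPolicyExample</b></a></pre></dt>
    <dt>extends java.lang.Object</dt>
  </dl>

  <p>
    Based on the
    <a href="https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">AntiSamy EBay example</a>.
  </p>
  <blockquote>
    eBay (http://www.ebay.com/) is the most popular online auction site in the
    universe, as far as I can tell. It is a public site so anyone is allowed to
    post listings with rich HTML content. It's not surprising that given the
    attractiveness of eBay as a target that it has been subject to a few complex
    XSS attacks. Listings are allowed to contain much more rich content than,
    say, Slashdot- so it's attack surface is considerably larger. The following
    tags appear to be accepted by eBay (they don't publish rules):
    <!-- The tag name is text, not markup: it must be entity-escaped or the
         browser creates an (invisible) anchor element here. -->
    <code>&lt;a&gt;</code>,...
  </blockquote>

  <hr>

  <!-- =========== FIELD SUMMARY =========== -->
  <table class="summary" id="field_summary">
    <tr class="TableHeadingColor">
      <th colspan="2"><strong>Field Summary</strong></th>
    </tr>
    <tr class="TableRowColor">
      <td class="colFirst">
        <small><code>static <a href="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></small>
      </td>
      <td>
        <code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#POLICY_DEFINITION">POLICY_DEFINITION</a></b></code>
      </td>
    </tr>
  </table>

  <!-- ======== CONSTRUCTOR SUMMARY ======== -->
  <table class="summary" id="constructor_summary">
    <tr class="TableHeadingColor">
      <th colspan="2"><strong>Constructor Summary</strong></th>
    </tr>
    <tr class="TableRowColor">
      <td>
        <code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#EbayPolicyExample()">EbayPolicyExample</a></b>()</code>
      </td>
    </tr>
  </table>

  <!-- ========== METHOD SUMMARY =========== -->
  <table class="summary" id="method_summary">
    <tr class="TableHeadingColor">
      <th colspan="2"><strong>Method Summary</strong></th>
    </tr>
    <tr class="TableRowColor">
      <td class="colFirst">
        <small><code>static void</code></small>
      </td>
      <td>
        <code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#main(java.lang.String[])">main</a></b>(java.lang.String[] args)</code>
      </td>
    </tr>
  </table>
  <table class="summary" id="methods_inherited_from_class_java.lang.Object">
    <tr class="TableSubHeadingColor">
      <th><strong>Methods inherited from class java.lang.Object</strong></th>
    </tr>
    <tr class="TableRowColor">
      <td><code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></td>
    </tr>
  </table>

  <!-- ============ FIELD DETAIL =========== -->
  <table class="detail" id="field_detail">
    <tr class="TableHeadingColor">
      <th><strong>Field Detail</strong></th>
    </tr>
  </table>

  <h3 id="POLICY_DEFINITION">POLICY_DEFINITION</h3>
  <pre>public static final <a href="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.126"><b>POLICY_DEFINITION</b></a></pre>

  <!-- ========= CONSTRUCTOR DETAIL ======== -->
  <table class="detail" id="constructor_detail">
    <tr class="TableHeadingColor">
      <th><strong>Constructor Detail</strong></th>
    </tr>
  </table>

  <h3 id="EbayPolicyExample()">EbayPolicyExample</h3>
  <pre>public <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><b>EbayPolicyExample</b></a>()</pre>

  <!-- ============ METHOD DETAIL ========== -->
  <table class="detail" id="method_detail">
    <tr class="TableHeadingColor">
      <th><strong>Method Detail</strong></th>
    </tr>
  </table>

  <h3 id="main(java.lang.String[])">main</h3>
  <pre>public static void <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.208"><b>main</b></a>(java.lang.String[] args)
                throws java.io.IOException</pre>
  <dl>
    <dt><b>Throws:</b></dt>
    <dd><code>java.io.IOException</code></dd>
  </dl>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<hr>

<!-- ======= START OF BOTTOM NAVBAR ====== -->
<nav id="navbar_bottom" aria-label="Bottom navigation">
  <a href="#skip-navbar_bottom" title="Skip navigation links">Skip navigation links</a>
  <table role="presentation">
    <tr>
      <td colspan="2" class="NavBarCell1" id="navbar_bottom_firstrow">
        <table role="presentation">
          <tr>
            <td class="NavBarCell1"><a href="../../../../overview-summary.html"><strong class="NavBarFont1">Overview</strong></a></td>
            <td class="NavBarCell1"><a href="package-summary.html"><strong class="NavBarFont1">Package</strong></a></td>
            <td class="NavBarCell1Rev"><strong class="NavBarFont1Rev">Class</strong></td>
            <td class="NavBarCell1"><a href="class-use/EbayPolicyExample.html"><strong class="NavBarFont1">Use</strong></a></td>
            <td class="NavBarCell1"><a href="package-tree.html"><strong class="NavBarFont1">Tree</strong></a></td>
            <td class="NavBarCell1"><a href="../../../../deprecated-list.html"><strong class="NavBarFont1">Deprecated</strong></a></td>
            <td class="NavBarCell1"><a href="../../../../index-files/index-1.html"><strong class="NavBarFont1">Index</strong></a></td>
          </tr>
        </table>
      </td>
      <td rowspan="3">
        <em><a href="https://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em>
      </td>
    </tr>

    <tr>
      <td class="NavBarCell2">
        <small>
          PREV CLASS
          <a href="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples"><b>NEXT CLASS</b></a>
        </small>
      </td>
      <td class="NavBarCell2">
        <small>
          <a href="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top"><b>FRAMES</b></a>
          <a href="EbayPolicyExample.html" target="_top"><b>NO FRAMES</b></a>
          <a class="all-classes-link" href="../../../../allclasses-noframe.html"><b>All Classes</b></a>
        </small>
      </td>
    </tr>

    <tr>
      <td class="NavBarCell3">
        <small>
          SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a>
        </small>
      </td>
      <td class="NavBarCell3">
        <small>
          DETAIL: <a href="#field_detail">FIELD</a> | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a>
        </small>
      </td>
    </tr>
  </table>
  <span id="skip-navbar_bottom"></span>
</nav>
<!-- ======== END OF BOTTOM NAVBAR ======= -->

<hr>

</body>
</html>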