Package org.owasp.html.examples
Class EbayPolicyExample
- java.lang.Object
  - org.owasp.html.examples.EbayPolicyExample
public class EbayPolicyExample extends java.lang.Object
Based on the AntiSamy EBay example. eBay (http://www.ebay.com/) is the most popular online auction site in the universe, as far as I can tell. It is a public site, so anyone is allowed to post listings with rich HTML content. It's not surprising, given the attractiveness of eBay as a target, that it has been subject to a few complex XSS attacks. Listings are allowed to contain much richer content than, say, Slashdot, so its attack surface is considerably larger. The following tags appear to be accepted by eBay (they don't publish rules):
<a>,...
Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy> | POLICY_DEFINITION | |

Constructor Summary

| Constructor | Description |
| --- | --- |
| EbayPolicyExample() | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| static void | main(java.lang.String[] args) | |

Field Detail
POLICY_DEFINITION
public static final com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy> POLICY_DEFINITION
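
How a caller applies POLICY_DEFINITION to untrusted listing HTML, as an added example that is not part of the original Javadoc or of the project's code. The class name EbayPolicyDemo, the sanitize helper and the sample listings are assumptions constructed here.

```java
import java.util.ArrayList;
import java.util.List;

import org.owasp.html.Handler;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;
import org.owasp.html.examples.EbayPolicyExample;

/** Hypothetical demo class; not part of the sanitizer project. */
public class EbayPolicyDemo {

  /** Runs untrusted listing HTML through EbayPolicyExample.POLICY_DEFINITION. */
  static String sanitize(String untrustedHtml, final List<String> rendererReports) {
    StringBuilder out = new StringBuilder();
    // The renderer is the last HtmlStreamEventReceiver in the chain: it
    // serializes the events the policy lets through and reports any markup
    // it refuses to emit to the handler below.
    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
        out,
        new Handler<String>() {
          public void handle(String report) {
            rendererReports.add(report);
          }
        });
    // POLICY_DEFINITION is a factory: given the downstream receiver, it
    // returns a policy that filters the parser's event stream before the
    // renderer sees it.
    HtmlSanitizer.Policy policy = EbayPolicyExample.POLICY_DEFINITION.apply(renderer);
    HtmlSanitizer.sanitize(untrustedHtml, policy);
    return out.toString();
  }

  public static void main(String[] args) {
    // Constructed sample listings: one benign, two carrying active content.
    String[] listings = {
      "<a href=\"https://example.com/item\">See item</a>",
      "<b>Vintage camera</b><script>alert(1)</script>",
      "<a href=\"javascript:alert(1)\">details</a>",
    };
    for (String listing : listings) {
      List<String> reports = new ArrayList<String>();
      String safe = sanitize(listing, reports);
      System.out.println("in:      " + listing);
      System.out.println("out:     " + safe);
      System.out.println("reports: " + reports);
    }
  }
}
```

Store or render only the returned string; the original input should never reach the page.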