java.lang.Object
  org.owasp.html.examples.EbayPolicyExample
public class EbayPolicyExample
Based on the AntiSamy EBay example.
eBay (http://www.ebay.com/) is the most popular online auction site in the
universe, as far as I can tell. It is a public site so anyone is allowed to
post listings with rich HTML content. It's not surprising, given the
attractiveness of eBay as a target, that it has been subject to a few complex
XSS attacks. Listings are allowed to contain much more rich content than,
say, Slashdot, so its attack surface is considerably larger. The following
tags appear to be accepted by eBay (they don't publish rules):
<a>,...

| Field Summary | |
|---|---|
| static PolicyFactory | POLICY_DEFINITION |

| Constructor Summary |
|---|
| EbayPolicyExample() |

| Method Summary | |
|---|---|
| static void | main(java.lang.String[] args) |

| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

| Field Detail |
|---|
| public static final PolicyFactory POLICY_DEFINITION |

| Constructor Detail |
|---|
| public EbayPolicyExample() |

| Method Detail |
|---|
| public static void main(java.lang.String[] args) throws java.io.IOException |

Throws: java.io.IOException