java.lang.Object org.owasp.html.examples.SlashdotPolicyExample
public class SlashdotPolicyExample
Based on the AntiSamy Slashdot example.
Slashdot (http://www.slashdot.org/) is a techie news site that allows users to respond anonymously to news posts with very limited HTML markup. Now Slashdot is not only one of the coolest sites around, it's also one that's been subject to many different successful attacks. Even more unfortunate is the fact that most of the attacks led users to the infamous goatse.cx picture (please don't go look it up). The rules for Slashdot are fairly strict: users can only submit the following HTML tags and no CSS: <b>, <u>, <i>, <a>, <blockquote>.
Accordingly, we've built a policy file that allows fairly similar functionality. All text-formatting tags that operate directly on the font, color or emphasis have been allowed.
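As an added example (not the project's POLICY_DEFINITION, whose source this page does not show), a policy limited to the five tags listed above can be written with the library's HtmlPolicyBuilder and run over a few inputs. It assumes a release in which toFactory() returns a PolicyFactory with a sanitize(String) method, rather than the Function-typed field documented here; the class name SlashdotStylePolicyDemo and the sample inputs are constructed for illustration.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Hypothetical demo class, not part of org.owasp.html.examples.
public class SlashdotStylePolicyDemo {

  // Allow-list policy: only the five tags named in the description.
  // Nothing enables the style attribute or <style>, so no CSS gets through.
  static final PolicyFactory POLICY = new HtmlPolicyBuilder()
      .allowElements("b", "u", "i", "a", "blockquote")
      // href is the only attribute allowed, and only on <a>.
      .allowAttributes("href").onElements("a")
      // Restrict link targets to http, https and mailto URLs.
      .allowStandardUrlProtocols()
      // Add rel="nofollow" to surviving links to blunt comment spam.
      .requireRelNofollowOnLinks()
      .toFactory();

  static String sanitize(String untrustedHtml) {
    return POLICY.sanitize(untrustedHtml);
  }

  public static void main(String[] args) {
    // Constructed sample comments: one benign, the rest exercising
    // the parts of the policy that are expected to strip markup.
    String[] samples = {
      "<b>bold</b>, <i>italic</i> and a <blockquote>quote</blockquote>",
      "<a href=\"https://example.org/\">a normal link</a>",
      "<b style=\"color:red\" onclick=\"alert(1)\">attributes not on the list</b>",
      "<a href=\"javascript:alert(1)\">disallowed URL scheme</a>",
      "<script>alert(1)</script><img src=x onerror=alert(1)>elements not on the list",
    };
    for (String sample : samples) {
      System.out.println("in : " + sample);
      System.out.println("out: " + sanitize(sample));
      System.out.println();
    }
  }
}
```

Comparing each "in" line with its "out" line shows which elements and attributes the allow-list keeps; anything not explicitly allowed by the builder calls is dropped rather than escaped into active markup.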
Field Summary | |
---|---|
static com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy> | POLICY_DEFINITION: A policy definition that matches the minimal HTML that Slashdot allows. |
Constructor Summary | |
---|---|
SlashdotPolicyExample() | |
Method Summary | |
---|---|
static void | main(java.lang.String[] args) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy> POLICY_DEFINITION
Constructor Detail |
---|
public SlashdotPolicyExample()
Method Detail |
---|
public static void main(java.lang.String[] args) throws java.io.IOException
Throws: java.io.IOException