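<!doctype html>
<!-- Generated API documentation for org.owasp.html.examples.EbayPolicyExample
     (OWASP Java HTML Sanitizer), rewritten as HTML5: presentational markup
     (FONT, BGCOLOR, layout TABLEs) is left to the stylesheet, the inline
     onload handler and document.writeln calls are replaced, and the two
     previously empty "skip navigation" links now have visible text. Every
     href and anchor id of the original page is preserved so links from
     class-use/, index-files/ and the frameset still resolve. -->
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>EbayPolicyExample (OWASP Java HTML Sanitizer)</title>
  <link rel="stylesheet" href="../../../../stylesheet.css" title="Style">
  <!-- The script stays inline because the generated documentation ships no
       separate .js file; a strict Content-Security-Policy would need a nonce
       or hash for this block. It renders no untrusted data. -->
  <script>
    // Mirror this page's title into the enclosing frameset. javadoc appends
    // is-external=true to the URL when the page is opened from outside the
    // frameset; in that case the parent is not ours and is left alone.
    function windowTitle() {
      if (location.href.indexOf('is-external=true') === -1) {
        parent.document.title = 'EbayPolicyExample (OWASP Java HTML Sanitizer)';
      }
    }

    // The "All Classes" links only make sense when the page is not framed
    // (the frameset already shows the class list), so they are shipped
    // hidden and revealed here only for a top-level window. Without
    // JavaScript the <noscript> copies are shown instead.
    function showAllClassesLinks() {
      if (window === window.top) {
        var links = document.querySelectorAll('.all-classes-link');
        for (var i = 0; i < links.length; i++) {
          links[i].removeAttribute('hidden');
        }
      }
    }

    window.addEventListener('load', windowTitle);
    document.addEventListener('DOMContentLoaded', showAllClassesLinks);
  </script>
</head>
<body>
  <hr>

  <!-- ========= START OF TOP NAVBAR ======= -->
  <nav id="navbar_top" class="NavBarCell1" aria-label="Navigation links (top)">
    <a class="skip-link" href="#skip-navbar_top">Skip navigation links</a>
    <ul id="navbar_top_firstrow" class="NavBarCell1">
      <li><a href="../../../../overview-summary.html">Overview</a></li>
      <li><a href="package-summary.html">Package</a></li>
      <li class="NavBarCell1Rev" aria-current="page">Class</li>
      <li><a href="class-use/EbayPolicyExample.html">Use</a></li>
      <li><a href="package-tree.html">Tree</a></li>
      <li><a href="../../../../deprecated-list.html">Deprecated</a></li>
      <li><a href="../../../../index-files/index-1.html">Index</a></li>
    </ul>
    <!-- Project home URL kept exactly as emitted by the generator (plain http). -->
    <p><em><a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em></p>
    <p class="NavBarCell2">
      PREV CLASS
      <a href="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples">NEXT CLASS</a>
    </p>
    <p class="NavBarCell2">
      <a href="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top">FRAMES</a>
      <a href="EbayPolicyExample.html" target="_top">NO FRAMES</a>
      <a class="all-classes-link" href="../../../../allclasses-noframe.html" hidden>All Classes</a>
      <noscript>
        <a href="../../../../allclasses-noframe.html">All Classes</a>
      </noscript>
    </p>
    <p class="NavBarCell3">
      SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a>
    </p>
    <p class="NavBarCell3">
      DETAIL: <a href="#field_detail">FIELD</a> | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a>
    </p>
  </nav>
  <!-- ========= END OF TOP NAVBAR ========= -->

  <hr>
  <!-- ======== START OF CLASS DATA ======== -->
  <main id="skip-navbar_top">
    <header>
      <p>org.owasp.html.examples</p>
      <h1>Class EbayPolicyExample</h1>
    </header>

    <!-- Inheritance chain; whitespace inside <pre> is the indentation. -->
    <pre>java.lang.Object
  <img src="../../../../resources/inherit.gif" alt="extended by "><b>org.owasp.html.examples.EbayPolicyExample</b></pre>
    <hr>
    <pre>public class <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><b>EbayPolicyExample</b></a>
extends java.lang.Object</pre>

    <p>Based on the
      <a href="http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">AntiSamy EBay example</a>.
    </p>
    <blockquote cite="http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">
      <p>eBay (http://www.ebay.com/) is the most popular online auction site in the
      universe, as far as I can tell. It is a public site so anyone is allowed to
      post listings with rich HTML content. It's not surprising that given the
      attractiveness of eBay as a target that it has been subject to a few complex
      XSS attacks. Listings are allowed to contain much more rich content than,
      say, Slashdot — so its attack surface is considerably larger. The following
      tags appear to be accepted by eBay (they don't publish rules):
      <code>&lt;a&gt;</code>,...</p>
    </blockquote>

    <hr>
    <!-- =========== FIELD SUMMARY =========== -->
    <section id="field_summary">
      <h2>Field Summary</h2>
      <table>
        <caption>Fields</caption>
        <thead>
          <tr class="TableHeadingColor">
            <th scope="col">Modifier and Type</th>
            <th scope="col">Field</th>
          </tr>
        </thead>
        <tbody>
          <tr class="TableRowColor">
            <td><code>static <a href="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a></code></td>
            <td><code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#POLICY_DEFINITION">POLICY_DEFINITION</a></b></code></td>
          </tr>
        </tbody>
      </table>
    </section>

    <!-- ======== CONSTRUCTOR SUMMARY ======== -->
    <section id="constructor_summary">
      <h2>Constructor Summary</h2>
      <table>
        <caption>Constructors</caption>
        <thead>
          <tr class="TableHeadingColor">
            <th scope="col">Constructor</th>
          </tr>
        </thead>
        <tbody>
          <tr class="TableRowColor">
            <td><code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#EbayPolicyExample()">EbayPolicyExample</a></b>()</code></td>
          </tr>
        </tbody>
      </table>
    </section>

    <!-- ========== METHOD SUMMARY =========== -->
    <section id="method_summary">
      <h2>Method Summary</h2>
      <table>
        <caption>Methods</caption>
        <thead>
          <tr class="TableHeadingColor">
            <th scope="col">Modifier and Type</th>
            <th scope="col">Method</th>
          </tr>
        </thead>
        <tbody>
          <tr class="TableRowColor">
            <td><code>static void</code></td>
            <td><code><b><a href="../../../../org/owasp/html/examples/EbayPolicyExample.html#main(java.lang.String[])">main</a></b>(java.lang.String[] args)</code></td>
          </tr>
        </tbody>
      </table>
      <h3 id="methods_inherited_from_class_java.lang.Object">Methods inherited from class java.lang.Object</h3>
      <p><code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></p>
    </section>

    <!-- ============ FIELD DETAIL =========== -->
    <section id="field_detail">
      <h2>Field Detail</h2>
      <h3 id="POLICY_DEFINITION">POLICY_DEFINITION</h3>
      <pre>public static final <a href="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</a> <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.126"><b>POLICY_DEFINITION</b></a></pre>
    </section>

    <!-- ========= CONSTRUCTOR DETAIL ======== -->
    <section id="constructor_detail">
      <h2>Constructor Detail</h2>
      <h3 id="EbayPolicyExample()">EbayPolicyExample</h3>
      <pre>public <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><b>EbayPolicyExample</b></a>()</pre>
    </section>

    <!-- ============ METHOD DETAIL ========== -->
    <section id="method_detail">
      <h2>Method Detail</h2>
      <h3 id="main(java.lang.String[])">main</h3>
      <pre>public static void <a href="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.208"><b>main</b></a>(java.lang.String[] args)
                        throws java.io.IOException</pre>
      <dl>
        <dt><b>Throws:</b></dt>
        <dd><code>java.io.IOException</code></dd>
      </dl>
    </section>
  </main>
  <!-- ========= END OF CLASS DATA ========= -->
  <hr>

  <!-- ======= START OF BOTTOM NAVBAR ====== -->
  <nav id="navbar_bottom" class="NavBarCell1" aria-label="Navigation links (bottom)">
    <a class="skip-link" href="#skip-navbar_bottom">Skip navigation links</a>
    <ul id="navbar_bottom_firstrow" class="NavBarCell1">
      <li><a href="../../../../overview-summary.html">Overview</a></li>
      <li><a href="package-summary.html">Package</a></li>
      <li class="NavBarCell1Rev" aria-current="page">Class</li>
      <li><a href="class-use/EbayPolicyExample.html">Use</a></li>
      <li><a href="package-tree.html">Tree</a></li>
      <li><a href="../../../../deprecated-list.html">Deprecated</a></li>
      <li><a href="../../../../index-files/index-1.html">Index</a></li>
    </ul>
    <p><em><a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></em></p>
    <p class="NavBarCell2">
      PREV CLASS
      <a href="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples">NEXT CLASS</a>
    </p>
    <p class="NavBarCell2">
      <a href="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top">FRAMES</a>
      <a href="EbayPolicyExample.html" target="_top">NO FRAMES</a>
      <a class="all-classes-link" href="../../../../allclasses-noframe.html" hidden>All Classes</a>
      <noscript>
        <a href="../../../../allclasses-noframe.html">All Classes</a>
      </noscript>
    </p>
    <p class="NavBarCell3">
      SUMMARY: NESTED | <a href="#field_summary">FIELD</a> | <a href="#constructor_summary">CONSTR</a> | <a href="#method_summary">METHOD</a>
    </p>
    <p class="NavBarCell3">
      DETAIL: <a href="#field_detail">FIELD</a> | <a href="#constructor_detail">CONSTR</a> | <a href="#method_detail">METHOD</a>
    </p>
  </nav>
  <!-- ======== END OF BOTTOM NAVBAR ======= -->

  <hr id="skip-navbar_bottom">
</body>
</html>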