1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2<!--NewPage-->
3<HTML>
4<HEAD>
5<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
6<TITLE>
7EbayPolicyExample (OWASP Java HTML Sanitizer)
8</TITLE>
9
10
<LINK REL="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style">
12
13<SCRIPT type="text/javascript">
/**
 * Propagates this page's title to the enclosing (parent) document so the
 * browser tab shows the class name when the page is loaded inside the
 * Javadoc frameset.
 *
 * The update is skipped when the URL carries an "is-external=true" marker
 * (presumably set when the page is framed by a different documentation
 * set -- verify against the frameset's index.html). The title written is a
 * fixed literal, not derived from the URL, so nothing page-controlled
 * reaches the parent document.
 */
function windowTitle()
{
    var currentUrl = location.href;
    var isExternal = currentUrl.indexOf('is-external=true') !== -1;
    if (isExternal) {
        return;
    }
    parent.document.title = "EbayPolicyExample (OWASP Java HTML Sanitizer)";
}
20</SCRIPT>
21<NOSCRIPT>
22</NOSCRIPT>
23
24</HEAD>
25
26<BODY BGCOLOR="white" onload="windowTitle();">
27<HR>
28
29
30<!-- ========= START OF TOP NAVBAR ======= -->
31<A NAME="navbar_top"><!-- --></A>
32<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
33<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
34<TR>
35<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
36<A NAME="navbar_top_firstrow"><!-- --></A>
37<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
38  <TR ALIGN="center" VALIGN="top">
39  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
40  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
41  <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
42  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/EbayPolicyExample.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
43  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
44  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
45  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
46  </TR>
47</TABLE>
48</TD>
49<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
<a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></EM>
51</TD>
52</TR>
53
54<TR>
55<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
56&nbsp;PREV CLASS&nbsp;
57&nbsp;<A HREF="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples"><B>NEXT CLASS</B></A></FONT></TD>
58<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
59  <A HREF="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top"><B>FRAMES</B></A>  &nbsp;
60&nbsp;<A HREF="EbayPolicyExample.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
61&nbsp;<SCRIPT type="text/javascript">
62  <!--
  // Emit the "All Classes" link only when this page is the top-level
  // document (not embedded in the frameset). The written markup is a
  // constant literal with no page- or URL-derived content.
  if (top === window) {
    document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>');
  }
66  //-->
67</SCRIPT>
68<NOSCRIPT>
69  <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>
70</NOSCRIPT>
71
72
73</FONT></TD>
74</TR>
75<TR>
76<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
77  SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
78<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
79DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
80</TR>
81</TABLE>
82<A NAME="skip-navbar_top"></A>
83<!-- ========= END OF TOP NAVBAR ========= -->
84
85<HR>
86<!-- ======== START OF CLASS DATA ======== -->
87<H2>
88<FONT SIZE="-1">
89org.owasp.html.examples</FONT>
90<BR>
91Class EbayPolicyExample</H2>
92<PRE>
93java.lang.Object
94  <IMG SRC="../../../../resources/inherit.gif" ALT="extended by "><B>org.owasp.html.examples.EbayPolicyExample</B>
95</PRE>
96<HR>
97<DL>
<DT><PRE>public class <A HREF="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><B>EbayPolicyExample</B></A><DT>extends java.lang.Object</PRE>
</DL>
100
101<P>
102Based on the
103 <a href="http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">AntiSamy EBay example</a>.
104 <blockquote>
105 eBay (http://www.ebay.com/) is the most popular online auction site in the
106 universe, as far as I can tell. It is a public site so anyone is allowed to
107 post listings with rich HTML content. It's not surprising that given the
108 attractiveness of eBay as a target that it has been subject to a few complex
109 XSS attacks. Listings are allowed to contain much more rich content than,
 say, Slashdot, so its attack surface is considerably larger. The following
111 tags appear to be accepted by eBay (they don't publish rules):
112 <code>&lt;a&gt;</code>,...
113 </blockquote>
114<P>
115
116<P>
117<HR>
118
119<P>
120<!-- =========== FIELD SUMMARY =========== -->
121
122<A NAME="field_summary"><!-- --></A>
123<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
124<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
125<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
126<B>Field Summary</B></FONT></TH>
127</TR>
128<TR BGCOLOR="white" CLASS="TableRowColor">
129<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
130<CODE>static&nbsp;<A HREF="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</A></CODE></FONT></TD>
131<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/EbayPolicyExample.html#POLICY_DEFINITION">POLICY_DEFINITION</A></B></CODE>
132
133<BR>
134&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
135</TR>
136</TABLE>
137&nbsp;
138<!-- ======== CONSTRUCTOR SUMMARY ======== -->
139
140<A NAME="constructor_summary"><!-- --></A>
141<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
142<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
143<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
144<B>Constructor Summary</B></FONT></TH>
145</TR>
146<TR BGCOLOR="white" CLASS="TableRowColor">
147<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/EbayPolicyExample.html#EbayPolicyExample()">EbayPolicyExample</A></B>()</CODE>
148
149<BR>
150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
151</TR>
152</TABLE>
153&nbsp;
154<!-- ========== METHOD SUMMARY =========== -->
155
156<A NAME="method_summary"><!-- --></A>
157<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
158<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
159<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
160<B>Method Summary</B></FONT></TH>
161</TR>
162<TR BGCOLOR="white" CLASS="TableRowColor">
163<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
164<CODE>static&nbsp;void</CODE></FONT></TD>
165<TD><CODE><B><A HREF="../../../../org/owasp/html/examples/EbayPolicyExample.html#main(java.lang.String[])">main</A></B>(java.lang.String[]&nbsp;args)</CODE>
166
167<BR>
168&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
169</TR>
170</TABLE>
171&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
172<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
173<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
174<TH ALIGN="left"><B>Methods inherited from class java.lang.Object</B></TH>
175</TR>
176<TR BGCOLOR="white" CLASS="TableRowColor">
177<TD><CODE>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</CODE></TD>
178</TR>
179</TABLE>
180&nbsp;
181<P>
182
183<!-- ============ FIELD DETAIL =========== -->
184
185<A NAME="field_detail"><!-- --></A>
186<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
187<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
188<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
189<B>Field Detail</B></FONT></TH>
190</TR>
191</TABLE>
192
193<A NAME="POLICY_DEFINITION"><!-- --></A><H3>
194POLICY_DEFINITION</H3>
195<PRE>
196public static final <A HREF="../../../../org/owasp/html/PolicyFactory.html" title="class in org.owasp.html">PolicyFactory</A> <A HREF="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.126"><B>POLICY_DEFINITION</B></A></PRE>
197<DL>
198<DL>
199</DL>
200</DL>
201
202<!-- ========= CONSTRUCTOR DETAIL ======== -->
203
204<A NAME="constructor_detail"><!-- --></A>
205<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
206<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
207<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
208<B>Constructor Detail</B></FONT></TH>
209</TR>
210</TABLE>
211
212<A NAME="EbayPolicyExample()"><!-- --></A><H3>
213EbayPolicyExample</H3>
214<PRE>
215public <A HREF="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.60"><B>EbayPolicyExample</B></A>()</PRE>
216<DL>
217</DL>
218
219<!-- ============ METHOD DETAIL ========== -->
220
221<A NAME="method_detail"><!-- --></A>
222<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
223<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
224<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
225<B>Method Detail</B></FONT></TH>
226</TR>
227</TABLE>
228
229<A NAME="main(java.lang.String[])"><!-- --></A><H3>
230main</H3>
231<PRE>
232public static void <A HREF="../../../../src-html/org/owasp/html/examples/EbayPolicyExample.html#line.208"><B>main</B></A>(java.lang.String[]&nbsp;args)
233                 throws java.io.IOException</PRE>
234<DL>
235<DD><DL>
236
237<DT><B>Throws:</B>
238<DD><CODE>java.io.IOException</CODE></DL>
239</DD>
240</DL>
241<!-- ========= END OF CLASS DATA ========= -->
242<HR>
243
244
245<!-- ======= START OF BOTTOM NAVBAR ====== -->
246<A NAME="navbar_bottom"><!-- --></A>
247<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
248<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
249<TR>
250<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
251<A NAME="navbar_bottom_firstrow"><!-- --></A>
252<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
253  <TR ALIGN="center" VALIGN="top">
254  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
255  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
256  <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
257  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/EbayPolicyExample.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
258  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
259  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
260  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
261  </TR>
262</TABLE>
263</TD>
264<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
<a href="http://code.google.com/p/owasp-java-html-sanitizer" target="_top">code.google.com home</a></EM>
266</TD>
267</TR>
268
269<TR>
270<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
271&nbsp;PREV CLASS&nbsp;
272&nbsp;<A HREF="../../../../org/owasp/html/examples/SlashdotPolicyExample.html" title="class in org.owasp.html.examples"><B>NEXT CLASS</B></A></FONT></TD>
273<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
274  <A HREF="../../../../index.html?org/owasp/html/examples/EbayPolicyExample.html" target="_top"><B>FRAMES</B></A>  &nbsp;
275&nbsp;<A HREF="EbayPolicyExample.html" target="_top"><B>NO FRAMES</B></A>  &nbsp;
276&nbsp;<SCRIPT type="text/javascript">
277  <!--
  // Emit the "All Classes" link only when this page is the top-level
  // document (not embedded in the frameset). The written markup is a
  // constant literal with no page- or URL-derived content.
  if (top === window) {
    document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>');
  }
281  //-->
282</SCRIPT>
283<NOSCRIPT>
284  <A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>
285</NOSCRIPT>
286
287
288</FONT></TD>
289</TR>
290<TR>
291<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
292  SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
293<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
294DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
295</TR>
296</TABLE>
297<A NAME="skip-navbar_bottom"></A>
298<!-- ======== END OF BOTTOM NAVBAR ======= -->
299
300<HR>
301
302</BODY>
303</HTML>
304