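<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page import="java.net.URL"%>
<%@page import="org.owasp.validator.html.*"%>
<%--
  Search results page used to demonstrate XSS attacks and their mitigation.

  The "keywords" request parameter is attacker-controlled. It is passed through
  AntiSamy with the policy in /antisamy.xml and the cleaned result is echoed
  into the HTML body below.

  Points to keep in mind when reusing this pattern:
    * AntiSamy is an HTML sanitizer, not an encoder. Whatever elements and
      attributes the policy file allows are emitted as live markup, so the
      protection is exactly as strict as /antisamy.xml (not shown here).
    * The cleaned value is only suitable for HTML body context. It must not be
      placed into an attribute value, a script block, or a URL without
      context-specific encoding.
    * If keywords are meant to be plain text rather than rich HTML, HTML-encoding
      the value at output time is the tighter control.
--%>
<%
    // Untrusted input. getParameter() returns null when the parameter is absent,
    // so normalise to an empty string instead of handing null to the scanner.
    String keywords = request.getParameter("keywords");
    if (keywords == null) {
        keywords = "";
    }

    // Fail closed: without the policy file there is nothing to sanitize with,
    // so stop here rather than continue towards rendering the raw value.
    URL policyUrl = getServletContext().getResource("/antisamy.xml");
    if (policyUrl == null) {
        throw new ServletException("AntiSamy policy /antisamy.xml not found");
    }

    // NOTE(review): the policy is parsed on every request. Consider loading it
    // once and reusing it, after confirming that the AntiSamy version in use
    // documents Policy as safe to share between threads.
    Policy policy = Policy.getInstance(policyUrl);

    AntiSamy as = new AntiSamy();
    CleanResults cr = as.scan(keywords, policy, AntiSamy.SAX);

    // From here on "keywords" holds the sanitized HTML, never the raw parameter.
    keywords = cr.getCleanHTML();
%>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Awesome Web Site - Search Results</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div id="content">
<%@include file="/WEB-INF/jspf/menu.jspf" %>
<h1>Search results</h1>
<%-- keywords was sanitized by AntiSamy above; HTML body context only. --%>
Sorry, no results were found for '<%=keywords%>'.
<br>
<a href="safe_search.jsp">Back</a>
</div>
</body>
</html>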