jetty / src / main / webapp / safe_searchresults.jsp
<%@page import="java.net.URL"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page import="org.owasp.validator.html.*"%>
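<%
/*
 * Safe variant of the search results page: the "keywords" request parameter
 * is sanitised with AntiSamy before it is echoed back, so markup that the
 * policy does not allow is removed instead of being reflected to the browser.
 *
 * What is permitted is decided entirely by /antisamy.xml; the result is only
 * as strict as that policy file.
 */

   String keywords = request.getParameter("keywords");

   if (keywords == null) {
      // getParameter() returns null when the parameter is absent (e.g. the page
      // is opened directly). Render an empty term rather than handing null to
      // the scanner.
      keywords = "";
   } else {
      // NOTE(review): the policy is loaded from the webapp root on every
      // request; caching the Policy instance would avoid re-parsing the XML.
      Policy policy = Policy.getInstance(getServletContext().getResource("/antisamy.xml"));

      AntiSamy as = new AntiSamy();
      CleanResults cr = as.scan(keywords, policy, AntiSamy.SAX);

      // getCleanHTML() returns sanitised *HTML*, not encoded text. It is meant
      // for HTML element content only; placing it in an attribute value,
      // a script block or a URL needs context-specific encoding instead.
      keywords = cr.getCleanHTML();
   }

%>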
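<!DOCTYPE html>
<html lang="en">
   <head>
      <meta charset="UTF-8">
      <title>Awesome Web Site - Search Results</title>
      <link rel="stylesheet" href="css/style.css">
   </head>
   <body>
      <div id="content">

         <%@include file="/WEB-INF/jspf/menu.jspf" %>

         <h1>Search results</h1>
         <%--
            keywords is written without further escaping because the scriptlet
            at the top of this page has already run it through AntiSamy. The
            value is placed in element content only; that is the one context
            sanitised HTML is intended for. Do not copy this expression into an
            attribute, a script block or a URL.
         --%>
         <p>You searched for <%=keywords%></p>
         <a href="safe_search.jsp">Back</a>
      </div>
   </body>
</html>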