mark.george / jetty
Merge branch 'master' of https://isgb.otago.ac.nz/infosci/git/INFO202/injection-demo
master
commit 9858c9d8f45f2f0b489124b55f2b7eaf588d181e
2 parents: b7d28b1 + ba8ea97
Mark George authored on 21 Feb 2019
Showing 2 changed files
web/safe_search.jsp
web/safe_searchresults.jsp
web/safe_search.jsp
<!DOCTYPE html> <html> <head> <link rel="stylesheet" type="text/css" href="css/style.css"/> <title>Awesome Web Site - Product Search</title> </head> <body> <div id="content"> <%@include file="/WEB-INF/jspf/menu.jspf" %> <h1>Welcome to our awesome web site!</h1> <h2>Input sanitisation using OWASP AntiSamy</h2> <fieldset><legend>Search for a product</legend> <form action="safe_searchresults.jsp" method="POST"> <label>Key words <input type="text" name="keywords"></label> <input type="submit" value="Search"> </form> </fieldset> </div> </body> </html>
<!DOCTYPE html> <html> <head> <link rel="stylesheet" type="text/css" href="css/style.css"/> <title>Awesome Web Site - Product Search</title> </head> <body> <div id="content"> <%@include file="/WEB-INF/jspf/menu.jspf" %> <h1>Welcome to our awesome web site!</h1> <h2>Input sanitation using OWASP AntiSamy</h2> <fieldset><legend>Search for a product</legend> <form action="safe_searchresults.jsp" method="POST"> <label>Key words <input type="text" name="keywords"></label> <input type="submit" value="Search"> </form> </fieldset> </div> </body> </html>
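Review bot: the only difference between the two versions of web/safe_search.jsp is the `<h2>` heading, "Input sanitisation using OWASP AntiSamy" versus "Input sanitation using OWASP AntiSamy"; "sanitisation" is the intended term (sanitation is something else entirely), so the heading should read "Input sanitisation using OWASP AntiSamy" after the merge. The rest of the file (the `keywords` form posting to `safe_searchresults.jsp`) is identical on both sides.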
web/safe_searchresults.jsp
<%@page import="java.net.URL"%> <%@page contentType="text/html" pageEncoding="UTF-8"%> <%@page import="org.owasp.validator.html.*"%> <% /* Ths JSP is used to demonstrate XSS attacks */ String keywords = request.getParameter("keywords"); Policy policy = Policy.getInstance(getServletContext().getResource("/antisamy.xml")); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(keywords, policy, AntiSamy.SAX); keywords = cr.getCleanHTML(); %> <html> <head> <title>Awesome Web Site - Search Results</title> <link rel="stylesheet" type="text/css" href="css/style.css"/> </head> <body> <div id="content"> <%@include file="/WEB-INF/jspf/menu.jspf" %> <h1>Search results</h1> You searched for <%=keywords%> <br /> <a href='safe_search.jsp'>Back</a> </div> </body> </html>
<%@page import="java.net.URL"%> <%@page contentType="text/html" pageEncoding="UTF-8"%> <%@page import="org.owasp.validator.html.*"%> <% /* Ths JSP is used to demonstrate XSS attacks */ String keywords = request.getParameter("keywords"); Policy policy = Policy.getInstance(getServletContext().getResource("/antisamy.xml")); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(keywords, policy, AntiSamy.SAX); keywords = cr.getCleanHTML(); %> <html> <head> <title>Awesome Web Site - Search Results</title> <link rel="stylesheet" type="text/css" href="css/style.css"/> </head> <body> <div id="content"> <%@include file="/WEB-INF/jspf/menu.jspf" %> <h1>Search results</h1> You searched for <%=keywords%> <br /> <a href='search.jsp'>Back</a> </div> </body> </html>
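Review bot: the two versions of web/safe_searchresults.jsp differ only in the Back link, `<a href='safe_search.jsp'>Back</a>` versus `<a href='search.jsp'>Back</a>`; since the form that posts to this page lives in `safe_search.jsp`, the `safe_search.jsp` target is the correct one and the `search.jsp` link sends the user to a different page. Two things in the shared scriptlet are worth fixing while here. First, the comment `/* Ths JSP is used to demonstrate XSS attacks */` is misspelled and no longer describes the file, which now demonstrates the mitigation; something like `/* This JSP demonstrates sanitising untrusted input with OWASP AntiSamy */` would also make it explicit that `<%=keywords%>` is intentionally written without further output encoding because the AntiSamy policy is what constrains the HTML that survives. Second, nothing guards the case where the `keywords` parameter is absent (for example a direct request to this page): `request.getParameter("keywords")` returns null and that null goes straight into `as.scan(...)`; a null/empty check before the scan, falling back to an empty string, avoids an error page. Minor: `Policy.getInstance(getServletContext().getResource("/antisamy.xml"))` re-parses the policy on every request, so caching the `Policy` once per context would be cheaper, and the `java.net.URL` import is unused because the `URL` returned by `getResource` is never bound to a variable.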