Based on the AntiSamy
eBay example. eBay (http://www.ebay.com/) is the most
popular online auction site in the universe, as far as I can tell. It is a
public site so anyone is allowed to post listings with rich HTML content.
It's not surprising that, given the attractiveness of eBay as a target, it
has been subject to a few complex XSS attacks. Listings are allowed to
contain much richer content than, say, Slashdot, so its attack surface is
considerably larger. The following tags appear to be accepted by eBay (they
don't publish rules): <a>,...