### Initialize Sandbox Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Initializes the sandbox environment by getting the element or creating it if it doesn't exist. ```javascript function u(){function a(a){s=a.frame,r=a.doc,q=a.doc.body,m=F(),n=G();while(o[0])z.apply(this,o.shift());p&&A()}s=document.getElementById("rufous-sandbox"),s?(r=s.contentWindow.document,q=r.body):c(a,{id:"rufous-sandbox"},{display:"none"})} ``` -------------------------------- ### Scan with Policy File Path Source: https://github.com/nahsra/antisamy/blob/main/README.md This example shows how to invoke the AntiSamy scan method by providing the policy file location as a String. ```APIDOC ## Scan with Policy File Path ### Description This example shows how to invoke the AntiSamy scan method by providing the policy file location as a String. ### Method `scan` ### Parameters #### Policy - **policyFilePath**: `String` - The file path to the policy file. - **dirtyInput**: `String` - The HTML input to be scanned. ### Request Example ```java AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(dirtyInput, policyFilePath); ``` ### Response #### Success Response - **CleanResults**: An object containing the cleaned HTML and any scan warnings. ``` -------------------------------- ### Scan with Policy File Object Source: https://github.com/nahsra/antisamy/blob/main/README.md This example demonstrates scanning HTML using AntiSamy by providing a File object representing the policy file. ```APIDOC ## Scan with Policy File Object ### Description This example demonstrates scanning HTML using AntiSamy by providing a File object representing the policy file. ### Method `scan` ### Parameters #### Policy - **policyFile**: `File` - A File object representing the policy file. - **dirtyInput**: `String` - The HTML input to be scanned. ### Request Example ```java AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(dirtyInput, new File(policyFilePath)); ``` ### Response #### Success Response - **CleanResults**: An object containing the cleaned HTML and any scan warnings. ``` -------------------------------- ### Basic AntiSamy Scan Source: https://github.com/nahsra/antisamy/blob/main/README.md This example demonstrates the basic usage of the AntiSamy API to scan a string of HTML against a specified policy file. ```APIDOC ## Basic AntiSamy Scan ### Description This example demonstrates the basic usage of the AntiSamy API to scan a string of HTML against a specified policy file. ### Method `scan` ### Parameters #### Policy - **policy**: `Policy` - The policy object to use for scanning. - **dirtyInput**: `String` - The HTML input to be scanned. ### Request Example ```java import org.owasp.validator.html.*; Policy policy = Policy.getInstance(POLICY_FILE_LOCATION); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(dirtyInput, policy); // cr.getCleanHTML() contains the cleaned HTML ``` ### Response #### Success Response - **CleanResults**: An object containing the cleaned HTML and any scan warnings. ``` -------------------------------- ### Sequential Dependency Execution (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Defines the L.prototype for sequential dependency execution, including start and the internal r function for managing and executing dependencies in order. Collects results from sequential dependencies. ```javascript L.prototype=new T,L.prototype.start=function(){var e=this,t=0,n=[];return e.collectResults&&(n[0]={}),function r(){var i=e.deps[t++];i?i.then(function(t){i.results.length>0&&(e.collectResults?i instanceof L?y(n[0],i.results[0]):x(n[0],i.id,i.results[0]):n.push(i.results[0])}),r()}):e.complete.apply(e,n)}(),this} ``` -------------------------------- ### Module Loading and Execution (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Defines the C.exports object and prototype methods for module loading and execution, including resolvePath, start, loaded, complete, execute, and exp. Manages module exports and dependencies. ```javascript C.exports={},C.prototype=new N,C.prototype.resolvePath=function(e){return S(H.path,e+".js")},C.prototype.start=function(){var e,t,n=this,r;this.body?this.execute():(e=C.exports[this.id])?this.exp(e):(t=a[this.id])?t.then(function(e){n.exp(e)}):(bundle=q(this.id))?H(bundle,function(){n.start()}):(a[this.id]=this,this.load())},C.prototype.loaded=function(){var e,t,r=this;n?(t=C.exports[this.id])?this.exp(t):(e=a[this.id])&&e.then(function(e){r.exp(e)}):(e=f,f=null,e.id=e.id||this.id,e.then(function(e){r.exp(e)}))},C.prototype.complete=function(){delete a[this.id],N.prototype.complete.apply(this,arguments)},C.prototype.execute=function(){var e=this;typeof this.body=="object"?this.exp(this.body):typeof this.body=="function"&&this.body.apply(window,[function(t){e.exp(t)}])},C.prototype.exp=function(e){this.complete(this.exports=C.exports[this.id]=e||{})} ``` -------------------------------- ### DOM Wrapper Configuration Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter.htm Provides methods to set and get the root DOM element and the window object for DOM manipulation. Ensures consistent access to these core elements. ```javascript \__d("DOMWrapper",\[\],function(a,b,c,d,e,f){var g,h,i={setRoot:function(j){g=j;},getRoot:function(){return g||document.body;},setWindow:function(j){h=j;},getWindow:function(){return h||self;}};e.exports=i;}); ``` -------------------------------- ### DOM Wrapper for Root and Window Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/deadspin_files/xd_arbiter(1).htm Provides methods to set and get the root DOM element and the window object, abstracting away direct DOM access. ```javascript e.exports=i; ``` -------------------------------- ### DOM Wrapper Configuration Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/Filer_for_fark/xd_arbiter_002.htm Provides methods to set and get the root DOM element and the window object for DOM manipulation utilities. Defaults to `document.body` and `self` if not explicitly set. ```javascript __d("DOMWrapper",[],function(a,b,c,d,e,f){var g,h,i={setRoot:function(j){g=j;},getRoot:function(){return g||document.body;},setWindow:function(j){h=j;},getWindow:function(){return h||self;}};e.exports=i;}); ``` -------------------------------- ### Dependency Collection (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Defines the k.prototype for dependency collection, including start and the internal t function for managing and completing dependencies. Collects results from multiple dependencies. ```javascript k.prototype=new T,k.prototype.start=function(){function t(){var t=[];e.collectResults&&(t[0]={});for(var n=0,r;r=e.deps[n];n++){if(!r.completed)return;r.results.length>0&&(e.collectResults?r instanceof L?y(t[0],r.results[0]):x(t[0],r.id,r.results[0]):t=t.concat(r.results))}e.complete.apply(e,t)}var e=this;for(var n=0,r;r=this.deps[n];n++)r.then(t);return this} ``` -------------------------------- ### DOM Wrapper for Root Element and Window Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/deadspin_files/xd_arbiter.htm Provides a centralized way to get and set the root DOM element and the global window object. Defaults to `document.body` and `self` if not explicitly set. ```javascript \__d("DOMWrapper",[],function(a,b,c,d,e,f){var g,h,i={setRoot:function(j){g=j;},getRoot:function(){return g||document.body;},setWindow:function(j){h=j;},getWindow:function(){return h||self;}};e.exports=i;}); ``` -------------------------------- ### Build AntiSamy Project Source: https://github.com/nahsra/antisamy/blob/main/README.md Clone the repository, navigate to the project directory, and run the Maven package command to build and test the project from source. ```bash $ git clone https://github.com/nahsra/antisamy $ cd antisamy $ mvn package ``` -------------------------------- ### Generate GUID Function Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter(1).htm A simple function to generate a globally unique identifier (GUID). It creates a string starting with 'f' followed by a random hexadecimal number. ```javascript function g(){return 'f'+(Math.random()*(1<<30)).toString(16).replace('.','');}e.exports=g;}); ``` -------------------------------- ### Using Loadrunner with Callbacks (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Demonstrates how to use the loadrunner library with a callback function, passing core functionalities like 'using', 'provide', 'loadrunner', and 'define' as arguments. ```javascript __twttrlr(function(using, provide, loadrunner, define) {provide("i18n/languages",function(a){a(["hi","zh-cn","fr","zh-tw","msa","fil","fi","sv","pl","ja","ko","de","it","pt","es","ru","id","tr","da","no","nl","hu","fa","ar","ur","he","th"])});provide("util/querystring",function(a){function b(a){return encodeURIComponent(a).replace(/\+/g,"%2B")}function c(a){return decodeURIComponent(a)}function d(a){var c=[],d;for(d in a)a[d]!==null&&typeof a[d]!="undefined"&&c.push(b(d)+"="+b(a[d]));return c.sort().join("&")}function e(a){var b={},d,e,f,g;if(a){d=a.split("&");for(g=0;f=d[g];g++)e=f.split("="),e.length==2&&(b[c(e[0])]=c(e[1]))}return b}function f(a,b){var c=d(b);return c.length>0?a.indexOf("?")>=0?a+"&"+d(b):a+"?"+d(b):a}function g(a){var b=a&&a.split("?");return b.length==2?e(b[1]):{}}a({url:f,decodeURL:g,decode:e,encode:d,encodePart:b,decodePart:c})});provide("util/params",function(a){using("util/querystring",function(b){var c=function(a){var c=a.search.substr(1);return b.decode(c)},d=function(a){var c=a.href,d=c.indexOf("#"),e=d<0?"":c.substring(d+1);return b.decode(e)},e=function(a){var b={},e=c(a),f=d(a);for(var g in e)e.hasOwnProperty(g)&&(b[g]=e[g]);for(var g in f)f.hasOwnProperty(g)&&(b[g]=f[g]);return b};a({combined:e,fromQuery:c,fromFragment:d})})});provide("tfw/util/env",function(a){usi ``` -------------------------------- ### Get Flash Version Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter(1).htm Retrieves the installed Flash Player version using browser plugins or ActiveX objects. Returns an array of version numbers or null if not available. ```javascript getVersion:function(){var t='Shockwave Flash',u='application/x-shockwave-flash',v='ShockwaveFlash.ShockwaveFlash',w;if(navigator.plugins&&typeof navigator.plugins[t]=='object'){var x=navigator.plugins[t].description;if(x&&navigator.mimeTypes&&navigator.mimeTypes[u]&&navigator.mimeTypes[u].enabledPlugin)w=x.match(/\d+/g);}if(!w)try{w=(new ActiveXObject(v)).GetVariable('$version').match(/(\d+),(\d+),(\d+),(\d+)/);w=Array.prototype.slice.call(w,1);}catch(y){}return w;} ``` -------------------------------- ### Generate Unique GUID Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/Filer_for_fark/xd_arbiter_002.htm Generates a simple Globally Unique Identifier (GUID) string. Useful for creating unique keys or IDs. ```javascript function g(){return 'f'+(Math.random()*(1<<30)).toString(16).replace('.','');} ``` -------------------------------- ### Initialize Sandbox and Write Standards Document Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Initializes the sandbox environment and writes a standards document, particularly for older IE versions without CSP. ```javascript entWindow,this.sandbox.doc=this.sandbox.frame.contentWindow.document,this.writeStandardsDoc(),this.sandbox.body=this.sandbox.frame.contentWindow.document.body,this.onReady(this.sandbox)} ``` ```javascript f.prototype.setDocDomain=function(){var a,b=this.registerCallback(this.getCallback(this.onLoad));a=["javascript:",'document.write("");', ``` ```javascript "try { window.parent.document; }","catch (e) {",'document.domain="'+document.domain+'";', ``` ```javascript '}',"window.parent.twttr.sandbox[\'"+b+"\']();"].join(""),this.sandbox.frame.parentNode.removeChild(this.sandbox.frame),this.sandbox.frame=null,this.sandbox.frame=e(this.attrs,this.styles),this.sandbox.frame.src=a,this.appender?this.appender(this.sandbox.frame):document.body.appendChild(this.sandbox.frame)},f.prototype.writeStandardsDoc=function(){if(!c.anyIE()||c.cspEnabledIE())return;var a=["","","
",""+S+">")):W(a,b,L)}else y[z](ba)}else $(u)} ``` -------------------------------- ### Initialize XdArbiter with Query String Parameters Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/deadspin_files/xd_arbiter(1).htm Initializes the XdArbiter, parsing query string parameters from the URL hash to configure cross-domain communication. ```javascript __d("initXdArbiter", ["QueryString", "resolveWindow", "Log", "XDM", "XDMConfig"], function(a, b, c, d, e, f) { var g = b('QueryString'), h = b('resolveWindow'), i = b('Log'), j = b('XDM'), k = c('XDMConfig'), l = location.protocol.replace(':', ''), m = /#(.*)|$/.exec(location.href)[1]; if (!m) { i.error('xd_arbiter.php loaded without a valid hash, referrer: %s', document.referrer); return; } var n = g.decode(m, true); function o(z) { return z ? z.replace(/["'<>()\\]/g, '') : z; } function p(z, aa) { if (window != parent && window.parent != window.parent.parent) try { return parent.parent.XdArbiter.register(window, z, aa); } catch (ba) { i.error('Could not register with XdArbiter in parent.parent'); } return ''; } function q(z, aa) { if (!z || z.length === 0) return true; if (typeof z === 'string') { if (z === aa) return true; i.error('Failed proxying to %s, expected %s', aa, z); } else { var ba = '.' + (/^https?:\/\/([^\/?#]+)/).exec(aa)[1], ca = z.length; while (ca--) { var da = '.' + z[ca]; if (da == ba.substring(ba.length - da.length)) return true; } i.error('Failed proxying to %s, expected %s', ba, z.toString()); } return false; } function r(z, aa, ba) { var ca = z ? h(z) : parent.parent; try { ca.XdArbiter.handleMessage(aa, ba, window); } catch (da) { i.error('Could not reach www.facebook.com using %s', z); return; } } function s() { var z = /^https?:\/\/[^\/]*/.exec(n.origin)[0]; try { var ba = h(n.relation).frames['fb_xdm_frame_' + l]; if (location.search === ba.location.search) { ba.proxyMessage(m, z); } else i.error('Version mismatch: %s, %s', location.search, ba.location.search); } catch (aa) { setTimeout(s, 50); } } function t() { var z = /^(.*)\/(.*)$/.exec(n.origin)[1]; if (window.__fbNative && window.__fbNative.postMessage) { __fbNative.postMessage(m, z); } else { var aa = function(ba) { window.removeEventListener('fbNativeReady', aa); __fbNative.postMessage(m, z); }; window.addEventListener('fbNativeReady', aa); } } if (n.xd_rel) { r(n.xd_rel, n); return; } else if (n.relation) { if (window === top && /FBAN\/\w+;/i.test(navigator.userAgent)) { i.info('Native proxy'); t(); } else { i.info('Legacy proxy to %s', n.relation); s(); } return; } if (l != /https?/.exec(window.name)[0]) { i.info('Redirection to %s detect', l); } }); ``` -------------------------------- ### Policy.getInstance() Source: https://context7.com/nahsra/antisamy/llms.txt Loads a security policy from various sources including files, URLs, and input streams. The default policy can also be loaded directly. ```APIDOC ## Policy.getInstance() ### Description Loads a security policy from a file, URL, or stream. This method is used to initialize the AntiSamy policy object, which is essential for sanitizing HTML content. ### Method `Policy.getInstance(String filePath)` `Policy.getInstance(File file)` `Policy.getInstance(URL url)` `Policy.getInstance(InputStream inputStream)` `Policy.getInstance()` ### Parameters - **filePath** (String) - Required - The path to the policy XML file. - **file** (File) - Required - The File object representing the policy XML file. - **url** (URL) - Required - The URL pointing to the policy XML file. Only `file:` and `jar:` URLs are permitted. - **inputStream** (InputStream) - Required - An InputStream for the policy XML file. Does not support `` tags. ### Usage Examples ```java import org.owasp.validator.html.Policy; import java.io.File; import java.io.InputStream; import java.net.URL; // Load from a classpath resource URL url = MyApp.class.getResource("/antisamy-slashdot.xml"); Policy policyFromUrl = Policy.getInstance(url); // Load from a file path string Policy policyFromPath = Policy.getInstance("/etc/myapp/antisamy-custom.xml"); // Load from a File object Policy policyFromFile = Policy.getInstance(new File("/etc/myapp/antisamy-custom.xml")); // Load from an InputStream try (InputStream is = MyApp.class.getResourceAsStream("/antisamy.xml")) { Policy policyFromStream = Policy.getInstance(is); } // Load the built-in default policy Policy defaultPolicy = Policy.getInstance(); ``` ``` -------------------------------- ### Create XDM Instance Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter.htm Creates a new instance for cross-domain communication. Requires either 'whenReady' or 'onMessage' callbacks. If 'channel' is not provided, a random one is generated. ```javascript r.create({root:document.body,transport:u,channel:v+'_'+l,channelPath:w,flashUrl:k.Flash.path,onMessage:function(z,aa){if(x!==aa){i.info('Received message from unknown origin %s, expected %s.',aa,x);return;}if(!/^FB_RPC:/.test(z))z=g.decode(z);r(z.relation,z,x);},whenReady:function(z){window.proxyMessage=function(da,ea){if(q(ea,x))z.send(da,x,parent,v);};var aa=null,ba={xd_action:'proxy_ready',data:aa},ca=p(y,x);if(ca)ba.registered=ca;z.send(g.encode(ba),x,parent,v);}});}); ``` -------------------------------- ### GAPI Initialization and Configuration Loading Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/Filer_for_fark/fastbutton.htm Initializes the global gapi object and loads configuration settings. It includes functions for performance monitoring and configuration management, handling various API-related settings. ```javascript (function(){var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){var f=!0,g=null,i=!1,l=window,m="push",p="test",q="replace",s="length";var v=l,w=document,aa=v.location,ba=function(){},ca=/\\\[native code\\\],x=function(a,b,c){return a[b]=a[b]||c},da=function(a){for(var b=0;b =k)o[l in o?l:'log'](n) } var j={level:-1,Level:h,debug:ES5(i,'bind',true,null,h.DEBUG,'debug'),info:ES5(i,'bind',true,null,h.INFO,'debug'),warn:ES5(i,'bind',true,null,h.WARNING,'debug'),error:ES5(i,'bind',true,null,h.ERROR,'debug')} e.exports=j ``` -------------------------------- ### Loadrunner Initialization and Configuration (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Initializes the loadrunner object, defines its core components (Script, Module, Collection, Sequence, Dependency), and sets up path matching and main script execution based on attributes. ```javascript F.Script=N,F.Module=C,F.Collection=k,F.Sequence=L,F.Dependency=T,F.noConflict=I,e.loadrunner=F,e.using=H,e.provide=M,e.define=P,H.path="",H.matchers=[],H.matchers.add=function(e,t){this.unshift([e,t])},H.matchers.add(/(^script!|\.js$)/,function(e){var t=new N(e.replace(/^\$/,H.path.replace(/\/$/,"")+"/").replace(/^script!/,""),!1);return t.id=e,t}),H.matchers.add(/^\w+$/),H.bundles=[],s&&(H.path=s.getAttribute("data-path")||s.src.split(/loadrunner\.js/)[0]||"",(main=s.getAttribute("data-main"))&&H.apply(e,main.split(/\s\|,\s\*\)).then(function(){})) ``` -------------------------------- ### Check Minimum Flash Version Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter(1).htm Checks if the installed Flash Player version meets a specified minimum version requirement. Uses a helper function to normalize version strings for comparison. ```javascript checkMinVersion:function(t){var u=s.getVersion();if(!u)return false;return q(u.join('.'))>=q(t);} ``` -------------------------------- ### XDM Initialization and Message Handling Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/deadspin_files/xd_arbiter(1).htm Initializes an XDM instance with specified transport, channel, and path. Handles incoming messages, validating origins and decoding messages before routing them to the appropriate handler. Sets up a proxy message handler for outgoing messages. ```javascript var u=o(n.transport),v=o(n.channel),w=o(n.channel_path),x=o(n.origin),y=o(n.xd_name);if(!/^https?/.test(x)){i.error('Invalid origin presented, aborting.');return;}j.create({root:document.body,transport:u,channel:v+'_'+l,channelPath:w,flashUrl:k.Flash.path,onMessage:function(z,aa){if(x!==aa){i.info('Received message from unknown origin %s, expected %s.',aa,x);return;}if(!/^FB_RPC:/.test(z))z=g.decode(z);r(z.relation,z,x);},whenReady:function(z){window.proxyMessage=function(da,ea){if(q(ea,x))z.send(da,x,parent,v);};var aa=null,ba={xd_action:'proxy_ready',data:aa},ca=p(y,x);if(ca)ba.registered=ca;z.send(g.encode(ba),x,parent,v);}});}); ``` -------------------------------- ### Initialize Like Plugin Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/like.htm Configures and initializes the Facebook Like plugin for a specific element. This includes setting the target URL, connection status, and personalization options. ```javascript ServerJSQueue.add({"instances":[["m_0_1",["PluginConnectButton","m_0_0"], $["{\"plugin\":\"like\",\"identifier\":\"http:\/\/www.facebook.com\/cnninternational\",\"connected\":false,\"canpersonalize\":false,\"autosubmit\":false,\"form\":{\"__m\":\"m_0_0\"}}",1]]],"elements":[[ "m_0_0","u_0_0",2],[ "m_0_2","u_0_0",2],[ "m_0_3","u_0_1",2]],"require":[[ "m_0_1"],["PluginConnection","init",[ "m_0_3"],[[["http:\/\/www.facebook.com\/cnninternational",{\"__m\":\"m_0_3\"},"pluginCountConnected"]]]}}); ``` -------------------------------- ### Script Loading and Management (JavaScript) Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/follow_button.1359077775.htm Defines the N.loaded array and prototype methods for script loading, including start, load, loaded, and complete. Handles script loading, error handling, and state management. ```javascript N.loaded=[],N.prototype=new T,N.prototype.start=function(){var e=this,t,n,r;return(r=a[this.id])?(r.then(function(){e.complete()}),this):(t=u[this.id])?t.then(function(){e.loaded()}):!this.force&&E(N.loaded,this.id)>-1?this.loaded():(n=q(this.id))?H(n,function(){e.loaded()}):this.load(),this)},N.prototype.load=function(){var t=this;u[this.id]=t;var n=o.cloneNode(!1);this.scriptId=n.id="LR"++i,n.type="text/javascript",n.async=!0,n.onerror=function(){throw new Error(t.path+" not loaded")},n.onreadystatechange=n.onload=function(n){n=e.event||n;if(n.type=="load"||E(["loaded","complete"],this.readyState)>-1)this.onreadystatechange=null,t.loaded()},n.src=this.path,l=this,r[0].parentNode.insertBefore(n,r[0]),l=null,c[n.id]=this},N.prototype.loaded=function(){this.complete()},N.prototype.complete=function(){E(N.loaded,this.id)==-1&&N.loaded.push(this.id),delete u[this.id],T.prototype.complete.apply(this,arguments)} ``` -------------------------------- ### Initialize Cross-Domain Arbiter Configuration Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/deadspin_files/xd_arbiter(1).htm Initializes the XDM (Cross-Domain Messaging) configuration, specifying paths for Flash objects and handling different initialization scenarios. ```javascript __d("XDMConfig", [], {"Flash":{"path":"https:\/\/connect.facebook.net\/rsrc.php\/v1\/ys\/r\/WON-TVLCpDP.swf"}}); ``` -------------------------------- ### ES5 Object Create and Keys Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter.htm Provides Object.create for creating objects with a specified prototype and Object.keys for enumerating own properties. ```javascript var g={};g.create=function(h){var i=typeof h;if(i!='object'&&i!='function')throw new TypeError('Object prototype may only be a Object or null');var j=new Function();j.prototype=h;return new j();};g.keys=function(h){var i=typeof h;if(i!='object'&&i!='function'||h===null)throw new TypeError('Object.keys called on non-object');var j=[];for(var k in h)if(Object.prototype.hasOwnProperty.call(h,k))j.push(k);var l=!({toString:true}).propertyIsEnumerable('toString'),m=['toString','toLocaleString','valueOf','hasOwnProperty','isPrototypeOf','prototypeIsEnumerable','constructor'];if(l)for(var n=0;n tags) try (InputStream is = MyApp.class.getResourceAsStream("/antisamy.xml")) { Policy policyFromStream = Policy.getInstance(is); } // Load the built-in default policy (antisamy.xml bundled in the JAR) Policy defaultPolicy = Policy.getInstance(); ``` -------------------------------- ### Initialize XD Arbiter with Fragment Transport Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter(1).htm Initializes the XD Arbiter using the fragment transport. This is suitable for cross-domain communication where other transports might not be available. It sets up message listeners and handles the initial ready state. ```javascript j.create({ root: document.body, transport: u, channel: v + '_' + l, channelPath: w, flashUrl: k.Flash.path, onMessage: function(z, aa) { if (x !== aa) { i.info('Received message from unknown origin %s, expected %s.', aa, x); return; } if (!/^FB_RPC:/.test(z)) z = g.decode(z); r(z.relation, z, x); }, whenReady: function(z) { window.proxyMessage = function(da, ea) { if (q(ea, x)) z.send(da, x, parent, v); }; var aa = null, ba = { xd_action: 'proxy_ready', data: aa }, ca = p(y, x); if (ca) ba.registered = ca; z.send(g.encode(ba), x, parent, v); } }); ``` -------------------------------- ### Initialize PostMessage Communication Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/xd_arbiter(1).htm Initializes the postMessage communication channel for cross-domain messaging. Ensure the 'whenReady' callback is used to handle initialization. ```javascript r.register('postmessage', (function() { var s = false; return { isAvailable: function() { return !!p.postMessage; }, init: function(t) { j.debug('init postMessage: ' + t.channel); var u = '_FB_' + t.channel, v = { send: function(w, x, y, z) { if (p === y) { j.error('Invalid windowref, equal to window (self)'); throw new Error(); } j.debug('sending to: %s (%s)', x, z); var aa = function() { y.postMessage('__FB__' + z + w, x); }; if (k.ie() == 8) { setTimeout(aa, 0); } else aa(); } }; if (s) { t.whenReady(v); return; } g.add(p, 'message', function(event) { var w = event.data, x = event.origin || 'native'; if (typeof w != 'string') { j.warn('Received message of type %s from %s, expected a string', typeof w, x); return; } j.debug('received message %s from %s', w, x); if (w.substring(0, u.length) == u) w = w.substring(u.length); t.onMessage(w, x); }); t.whenReady(v); s = true; } }; })()); ``` -------------------------------- ### Initialize and Flush Environment Data Source: https://github.com/nahsra/antisamy/blob/main/src/test/resources/s/cf/activity.htm Initializes and flushes environment data for the Facebook activity plugin. Use this to set user, locale, and other configuration parameters. ```javascript function envFlush(a){function b(c){for(var d in a)c\[d\]=a\[d\];}if(window.requireLazy){requireLazy(\[\'Env\'\],b);}else{Env=window.Env||{};b(Env);}}envFlush({"user":"0","locale":"en\_US","method":"GET","svn\_rev":719720,"tier":"","vip":"173.252.100.27","static\_base":"http:\/\/static.ak.fbcdn.net\/","www\_base":"http:\/\/www.facebook.com\/","rep\_lag":2,"fb\_dtsg":"AQD\_c-C5","ajaxpipe\_token":"AXgNjbFMqYRTcT4h","no\_cookies":1,"lhsh":"yAQF7f-xt","tracking\_domain":"http:\/\/pixel.facebook.com","retry\_ajax\_on\_network\_error":"1","fbid\_emoticons":"1"});envFlush({"eagleEyeConfig":{"seed":"16Wm","sessionStorage":true}});CavalryLogger=false;window.\[\'\_script\_path\' \] = \"\/plugins\/activity.php\"; ```