Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-11882

XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries

    XMLWordPrintableJSON

Details

    Description

      with version 2.3.0 of the XSS Protection API the internal implementation was switched to OWASP sanitizer library (esapi) in SLING-7231.

      with this new implementation comes a load of 3rdparty libraries including a guava version, which is embedded as private packages in the OSGi bundle. this is completely fine from an OSGi bundle perspective and works.

      however, in unit test contexts this can lead to problems, because depending on the dependency order the embedded guava classes may overlay other guava classes references in the same POM with a different version, leading to problems running code in the unit test context. to prevent problems like this, we usually apply a shading and relocation of the package names to ensure such clashes in classpath does no happen.

      the same problem may affect other libraries embedded in the bundle.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SLING-7231 Move to owasp sanitizer library

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link GitHub Pull Request #34

          Activity

            People

              sseifert Stefan Seifert
              sseifert Stefan Seifert
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: