[SLING-4492] Prevent configuring the ESAPI policies through random content files - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: XSS Protection API 1.0.0
Component/s: XSS Protection API
Labels:
None

Description

Currently the default ESAPI policies are configured through a file from the repository - /libs/sling/xss/config.xml. However, the proposed XSSFilter API allows filtering using random policy files. The configuration should be performed only through the /libs/sling/xss/config.xml file, or through an /apps overlay.

Attachments

Activity

People

Assignee:: Radu Cotescu

Reporter:: Radu Cotescu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Mar/15 16:00

Updated:: 12/Aug/16 08:37

Resolved:: 12/Mar/15 14:10