Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-7771

org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: XSS Protection API 2.0.4, XSS Protection API 2.0.6, XSS Protection API 2.0.8
    • Fix Version/s: XSS Protection API 2.0.10
    • Component/s: Extensions
    • Labels:
      None

      Description

      The fix introduced inĀ SLING-7323 allows IllegalArgumentException to be thrown in case a URL contains illegal hex escape characters. Instead of throwing a RuntimeException, the implementation should just return false and log the exception.

        Attachments

          Activity

            People

            • Assignee:
              radu Radu Cotescu
              Reporter:
              radu Radu Cotescu

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment