Sling / SLING-7771

org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: XSS Protection API 2.0.4, XSS Protection API 2.0.6, XSS Protection API 2.0.8
    • Fix Version/s: XSS Protection API 2.0.10
    • Component/s: Extensions
    • Labels:
      None

      Description

      The fix introduced in SLING-7323 allows IllegalArgumentException to be thrown in case a URL contains illegal hex escape characters. Instead of throwing a RuntimeException, the implementation should just return false and log the exception.
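
The behaviour requested in the description, sketched as an added example that is not part of the issue or of Sling's code. It assumes `java.net.URLDecoder` as the decoding step (the issue does not name the decoder); `HrefCheck` and `hasAllowedScheme` are hypothetical names, and the sample hrefs are constructed.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration: HrefCheck and hasAllowedScheme are hypothetical, not Sling code.
public class HrefCheck {
    private static final Logger LOG = Logger.getLogger(HrefCheck.class.getName());

    // Failure mode from the report: the decoder's IllegalArgumentException reaches the caller.
    static boolean isValidHrefThrowing(String href) throws UnsupportedEncodingException {
        return hasAllowedScheme(URLDecoder.decode(href, "UTF-8"));
    }

    // Requested behaviour: log the exception and treat the href as invalid.
    static boolean isValidHref(String href) {
        if (href == null || href.isEmpty()) {
            return false;
        }
        try {
            return hasAllowedScheme(URLDecoder.decode(href, "UTF-8"));
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            LOG.log(Level.WARNING, "href rejected: cannot decode escape sequence", e);
            return false;
        }
    }

    // Simplified stand-in for the real validation policy (assumption).
    private static boolean hasAllowedScheme(String decoded) {
        String s = decoded.trim().toLowerCase(Locale.ROOT);
        int colon = s.indexOf(':');
        int slash = s.indexOf('/');
        if (colon < 0 || (slash >= 0 && slash < colon)) {
            return true; // relative reference, no scheme
        }
        String scheme = s.substring(0, colon);
        return scheme.equals("http") || scheme.equals("https");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two well-formed, two with illegal escapes.
        String[] samples = {"/content/page.html?q=a%20b", "https://example.com/a%2Fb",
                            "/search?q=%zz", "/search?q=100%"};
        for (String s : samples) {
            System.out.println(s + " -> " + isValidHref(s));
        }
    }
}
```

The log call records only the exception, not the raw href, so untrusted input is not copied verbatim into the log line.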

            People

            • Assignee:
              radu.cotescu Radu Cotescu
              Reporter:
              radu.cotescu Radu Cotescu