[SLING-7771] org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: XSS Protection API 2.0.4, XSS Protection API 2.0.6, XSS Protection API 2.0.8
Fix Version/s: XSS Protection API 2.0.10
Component/s: Extensions
Labels:
None

Description

The fix introduced in ~~SLING-7323~~ allows IllegalArgumentException to be thrown in case a URL contains illegal hex escape characters. Instead of throwing a RuntimeException, the implementation should just return false and log the exception.

Attachments

Activity

People

Assignee:: Radu Cotescu

Reporter:: Radu Cotescu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jul/18 13:16

Updated:: 12/Jul/18 09:11

Resolved:: 08/Jul/18 13:21