Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Currently the org.apache.sling.xss bundle copies the default AntiSamy configuration to the repository, with the help of the org.apache.sling.jcr.contentloader. However, the whole operation is redundant, since the bundle would anyways use this embedded file if the org.apache.sling.xss.impl.XSSFilterImpl is not configured to use another Resource.
The org.apache.sling.xss bundle should therefore stop providing the Sling-Initial-Content header, allowing the bundle to also work when the resource tree is not provided by a JCR repository, and provide an optional Felix web console plugin, to allow developers / users to inspect the embedded AntiSamy config, if they need to adapt it to a customised one.
Attachments
Issue Links
- links to