  1. Sling
  2. SLING-8235

Stop copying the AntiSamy configuration to the repository


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • XSS Protection API 2.1.0
    • None
    • None

    Description

      Currently the org.apache.sling.xss bundle copies the default AntiSamy configuration to the repository, with the help of the org.apache.sling.jcr.contentloader. However, the whole operation is redundant, since the bundle would anyway use this embedded file if the org.apache.sling.xss.impl.XSSFilterImpl is not configured to use another Resource.

      The org.apache.sling.xss bundle should therefore stop providing the Sling-Initial-Content header, allowing the bundle to also work when the resource tree is not provided by a JCR repository, and provide an optional Felix web console plugin, to allow developers / users to inspect the embedded AntiSamy config, if they need to adapt it to a customised one.

            People

              radu Radu Cotescu
              radu Radu Cotescu

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 20m