You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Radu Cotescu (Jira)" <ji...@apache.org> on 2020/08/04 12:36:00 UTC

[jira] [Closed] (SLING-9613) java.lang.StackOverflowError in XSSFilterImpl.filter for long URLs

     [ https://issues.apache.org/jira/browse/SLING-9613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radu Cotescu closed SLING-9613.
-------------------------------

> java.lang.StackOverflowError in XSSFilterImpl.filter for long URLs
> ------------------------------------------------------------------
>
>                 Key: SLING-9613
>                 URL: https://issues.apache.org/jira/browse/SLING-9613
>             Project: Sling
>          Issue Type: Bug
>          Components: XSS Protection API
>    Affects Versions: XSS Protection API 2.0.8, XSS Protection API 2.1.0, XSS Protection API 2.2.0
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.2.6
>
>
> Attempting to filter the following HTML snippet results in a {{StackOverflowError}}:
> {code:html}
> <a href="https://google.com/t/r/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"> Click here to access replay webcast</a>
> {code}
> {code:java}
> java.lang.StackOverflowError
> 	at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3939)
> 	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> 	at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> 	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> 	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> 	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> 	at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> 	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> 	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> 	at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> 	at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> 	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> 	at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> 	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> 	at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> 	at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> 	at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4306)
> 	at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3940)
> 	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> 	at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> 	at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
>         ...
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)