You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Radu Cotescu (JIRA)" <ji...@apache.org> on 2019/01/29 12:31:00 UTC

[jira] [Closed] (SLING-8235) Stop copying the AntiSamy configuration to the repository

     [ https://issues.apache.org/jira/browse/SLING-8235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radu Cotescu closed SLING-8235.
-------------------------------

> Stop copying the AntiSamy configuration to the repository
> ---------------------------------------------------------
>
>                 Key: SLING-8235
>                 URL: https://issues.apache.org/jira/browse/SLING-8235
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.1.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently the {{org.apache.sling.xss}} bundle copies the default AntiSamy configuration to the repository, with the help of the {{org.apache.sling.jcr.contentloader}}. However, the whole operation is redundant, since the bundle would anyways use this embedded file if the {{org.apache.sling.xss.impl.XSSFilterImpl}} is not configured to use another {{Resource}}.
> The {{org.apache.sling.xss}} bundle should therefore stop providing the {{Sling-Initial-Content}} header, allowing the bundle to also work when the resource tree is not provided by a JCR repository, and provide an optional Felix web console plugin, to allow developers / users to inspect the embedded AntiSamy config, if they need to adapt it to a customised one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)