You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Radu Cotescu (JIRA)" <ji...@apache.org> on 2019/01/29 12:31:00 UTC
[jira] [Closed] (SLING-8235) Stop copying the AntiSamy
configuration to the repository
[ https://issues.apache.org/jira/browse/SLING-8235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu closed SLING-8235.
-------------------------------
> Stop copying the AntiSamy configuration to the repository
> ---------------------------------------------------------
>
> Key: SLING-8235
> URL: https://issues.apache.org/jira/browse/SLING-8235
> Project: Sling
> Issue Type: Improvement
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
> Fix For: XSS Protection API 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently the {{org.apache.sling.xss}} bundle copies the default AntiSamy configuration to the repository, with the help of the {{org.apache.sling.jcr.contentloader}}. However, the whole operation is redundant, since the bundle would anyways use this embedded file if the {{org.apache.sling.xss.impl.XSSFilterImpl}} is not configured to use another {{Resource}}.
> The {{org.apache.sling.xss}} bundle should therefore stop providing the {{Sling-Initial-Content}} header, allowing the bundle to also work when the resource tree is not provided by a JCR repository, and provide an optional Felix web console plugin, to allow developers / users to inspect the embedded AntiSamy config, if they need to adapt it to a customised one.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)