You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Radu Cotescu (Jira)" <ji...@apache.org> on 2020/09/25 13:25:01 UTC

[jira] [Created] (SLING-9768) The org.apache.sling.api.scripting.SlingScript#getScriptResource implementations should not leak the scripting resolver

Radu Cotescu created SLING-9768:
-----------------------------------

             Summary: The org.apache.sling.api.scripting.SlingScript#getScriptResource implementations should not leak the scripting resolver
                 Key: SLING-9768
                 URL: https://issues.apache.org/jira/browse/SLING-9768
             Project: Sling
          Issue Type: Bug
          Components: Scripting
    Affects Versions: Scripting HTL Engine 1.4.2-1.4.0, Scripting Core 2.3.0
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: Scripting Core 2.3.4, Scripting HTL Engine 1.4.4-1.4.0


Since the {{SlingScript}} is usually made available via the {{bindings}} to the current executing script, the resolver that can be accessed via {{org.apache.sling.api.scripting.SlingScript#getScriptResource}} should not give elevated access to the caller. This means that either the caller is responsible for the mapped resolver (by getting a mapped resolver to the bundle the caller comes from via script precompilation), or the resolver should be the request resolver.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)