Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2017/04/26 09:36:04 UTC

[jira] [Created] (SLING-6793) Remove unused methods from XSSAPI

Carsten Ziegeler created SLING-6793:
---------------------------------------

             Summary: Remove unused methods from XSSAPI
                 Key: SLING-6793
                 URL: https://issues.apache.org/jira/browse/SLING-6793
             Project: Sling
          Issue Type: Improvement
          Components: XSS Protection API
            Reporter: Carsten Ziegeler
             Fix For: XSS Protection API 1.0.20


The XSSAPI defines two methods:
    XSSAPI getRequestSpecificAPI(SlingHttpServletRequest request);
    XSSAPI getResourceResolverSpecificAPI(ResourceResolver resourceResolver);

which imply that there is some user-specific XSS checking for validating hrefs. However, user-specific XSS validation is neither implemented nor does it make sense.

Therefore we should remove these methods.

At the same time we should remove the XSSAPIAdapterFactory as this is abusing the adapter pattern. Getting an XSSAPI service in Java or JSP is easy and there is no need to use the adapter pattern here.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)