You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Robert Munteanu (JIRA)" <ji...@apache.org> on 2018/07/12 09:12:00 UTC
[jira] [Closed] (SLING-7771)
org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions
for illegal hex escape sequences
[ https://issues.apache.org/jira/browse/SLING-7771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu closed SLING-7771.
----------------------------------
> org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences
> ---------------------------------------------------------------------------------------------------------
>
> Key: SLING-7771
> URL: https://issues.apache.org/jira/browse/SLING-7771
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: XSS Protection API 2.0.4, XSS Protection API 2.0.6, XSS Protection API 2.0.8
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
> Fix For: XSS Protection API 2.0.10
>
>
> The fix introduced in SLING-7323 allows {{IllegalArgumentException}} to be thrown in case a URL contains illegal hex escape characters. Instead of throwing a {{RuntimeException}}, the implementation should just return {{false}} and log the exception.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)