You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ro...@apache.org on 2022/02/03 15:05:45 UTC

[sling-org-apache-sling-xss] 01/01: SLING-11111 - Update to AntiSamy 1.6.5

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch feature/SLING-11111
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git

commit 529d6ec3b5f63be954481f055a15c00c73f72c0a
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Feb 3 16:04:33 2022 +0100

    SLING-11111 - Update to AntiSamy 1.6.5
    
    Update the dependency version and ensure that we use the right TransformerFactory.
---
 pom.xml                                                    | 2 +-
 src/main/java/org/apache/sling/xss/impl/PolicyHandler.java | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6353efa..8a48dd1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -187,7 +187,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.4</version>
+            <version>1.6.5</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java b/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
index 2e737c2..7e6d387 100644
--- a/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
+++ b/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
@@ -40,6 +40,11 @@ public class PolicyHandler {
      * @param policyStream the InputStream from which to read this handler's {@link Policy}
      */
     public PolicyHandler(InputStream policyStream) throws Exception {
+
+        // ensure that when AntiSamy is initialised it finds the transformer factory that we want it to
+        // See https://github.com/nahsra/antisamy/commit/7ff740de5cd3577c49aca61c985f376de9f8884c
+        System.setProperty("antisamy.transformerfactory.impl", AttributeTranslatingTransformerFactoryImpl.class.getName());
+
         // fix for classloader issue with IBM JVM: see bug #31946
         // (currently: http://bugs.day.com/bugzilla/show_bug.cgi?id=31946)
         Thread currentThread = Thread.currentThread();