You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:25:47 UTC
[sling-org-apache-sling-xss] annotated tag
org.apache.sling.xss-1.0.2 created (now 6835c01)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to annotated tag org.apache.sling.xss-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git.
at 6835c01 (tag)
tagging 254088a2feeabfcb5a1950d37b3e1deec3f4dea3 (commit)
by Radu Cotescu
on Tue Mar 24 15:24:52 2015 +0000
- Log -----------------------------------------------------------------
org.apache.sling.xss-1.0.2
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new fa872fd SLING-3959 - XSS module contribution
new 675462e SLING-4176 - Added validation/filtering for StyleToken context
new a62edf2 SLING-4187 Move XSS and Validation to Extensions
new 8b8e0d5 SLING-4185 The org.apache.sling.xss bundle should properly export its API
new 07248d8 SLING-4177 Properly XSS escape CSS style string
new bc82200 SLING-4236 Clarify XSSAPI with respect to null and empty input strings
new 6111390 Remove unused dependencies
new 11c36ee SLING-4176 - Sightly: StyleToken context is doing nothing
new 7260fa1 SLING-4428 - Sightly: scriptComment and styleComment contexts are not doing anything
new 5cf95dc SLING-4484 - XSS POM references wrong scm URLs
new c270b5d [maven-release-plugin] prepare release org.apache.sling.xss-1.0.0
new 08c5a20 [maven-release-plugin] prepare for next development iteration
new 65c895f @releng: rolled back 1.0.1-SNAPSHOT version; added configuration for rat
new 4250574 @trivial: removed redundant rat.exclude file
new 86e155d [maven-release-plugin] prepare release org.apache.sling.xss-1.0.0
new 00a86c3 [maven-release-plugin] prepare for next development iteration
new ea718f3 @releng: rolled back 1.0.1-SNAPSHOT version
new 10c577c SLING-4492 - Prevent configuring the ESAPI policies through random content files
new 92ecaa0 [maven-release-plugin] prepare release org.apache.sling.xss-1.0.0
new 45f8600 [maven-release-plugin] prepare for next development iteration
new 293a000 SLING-4542 - The XSSFilterImpl cannot always be successfully activated
new 00f1c7a [maven-release-plugin] prepare release org.apache.sling.xss-1.0.2
new 254088a [maven-release-plugin] copy for tag org.apache.sling.xss-1.0.2
The 23 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-xss] 03/04: [maven-release-plugin] prepare
release org.apache.sling.xss-1.0.2
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.xss-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 00f1c7aaa9f81ba3250ff7e7ce63e7738ee194b2
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Tue Mar 24 15:24:37 2015 +0000
[maven-release-plugin] prepare release org.apache.sling.xss-1.0.2
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss@1668918 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 26adbc7..5cdf546 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
<!-- ======================================================================= -->
<artifactId>org.apache.sling.xss</artifactId>
<packaging>bundle</packaging>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2</version>
<name>Apache Sling XSS Protection Bundle</name>
<description>
@@ -40,9 +40,9 @@
</description>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.xss-1.0.2</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.xss-1.0.2</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.xss-1.0.2</url>
</scm>
<properties>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-xss] 04/04: [maven-release-plugin] copy for
tag org.apache.sling.xss-1.0.2
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.xss-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 254088a2feeabfcb5a1950d37b3e1deec3f4dea3
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Tue Mar 24 15:24:52 2015 +0000
[maven-release-plugin] copy for tag org.apache.sling.xss-1.0.2
git-svn-id: https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.xss-1.0.2@1668919 13f79535-47bb-0310-9956-ffa450edef68
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-xss] 02/04: SLING-4542 - The XSSFilterImpl
cannot always be successfully activated
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.xss-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 293a000041b48faef620f4f968719cbee9fc8822
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Tue Mar 24 15:19:59 2015 +0000
SLING-4542 - The XSSFilterImpl cannot always be successfully activated
* use the default policy file from the bundle until a policy file is installed in the repository
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss@1668917 13f79535-47bb-0310-9956-ffa450edef68
---
.../org/apache/sling/xss/impl/XSSFilterImpl.java | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
index d7c6bb0..2779dba 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
@@ -67,6 +67,7 @@ public class XSSFilterImpl implements XSSFilter, EventHandler {
public void handleEvent(final Event event) {
final String path = (String) event.getProperty(SlingConstants.PROPERTY_PATH);
if (path.endsWith("/" + DEFAULT_POLICY_PATH)) {
+ LOGGER.debug("Detected policy file change at {}. Updating default handler.", path);
updateDefaultHandler();
}
}
@@ -110,6 +111,21 @@ public class XSSFilterImpl implements XSSFilter, EventHandler {
LOGGER.error("Unable to load policy from " + policyResource.getPath(), e);
}
}
+ } else {
+ // the content was not installed but the service is active; let's use the embedded file for the default handler
+ LOGGER.debug("Could not find a policy file at the default location {}. Attempting to use the default resource embedded in" +
+ " the bundle.", DEFAULT_POLICY_PATH);
+ InputStream policyStream = this.getClass().getClassLoader().getResourceAsStream("SLING-INF/content/config.xml");
+ if (policyStream != null) {
+ try {
+ if (defaultHandler == null) {
+ defaultHandler = new PolicyHandler(policyStream);
+ policyStream.close();
+ }
+ } catch (Exception e) {
+ LOGGER.error("Unable to load policy from embedded policy file.", e);
+ }
+ }
}
if (defaultHandler == null) {
throw new IllegalStateException("Cannot load a default policy handler.");
@@ -167,14 +183,17 @@ public class XSSFilterImpl implements XSSFilter, EventHandler {
return ctx.filter(handler, src);
}
+ @SuppressWarnings("unused")
public void setDefaultPolicy(InputStream policyStream) throws Exception {
defaultHandler = new PolicyHandler(policyStream);
}
+ @SuppressWarnings("unused")
public void resetDefaultPolicy() {
updateDefaultHandler();
}
+ @SuppressWarnings("unused")
public void loadPolicy(String policyName, InputStream policyStream) throws Exception {
if (policies.size() < DEFAULT_POLICY_CACHE_SIZE) {
PolicyHandler policyHandler = new PolicyHandler(policyStream);
@@ -182,10 +201,12 @@ public class XSSFilterImpl implements XSSFilter, EventHandler {
}
}
+ @SuppressWarnings("unused")
public void unloadPolicy(String policyName) {
policies.remove(policyName);
}
+ @SuppressWarnings("unused")
public boolean hasPolicy(String policyName) {
return policies.containsKey(policyName);
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-xss] 01/04: [maven-release-plugin] prepare
for next development iteration
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.xss-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 45f860075c7cccacc5d83ac29da2c07532ae6ec8
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Mon Mar 16 11:23:28 2015 +0000
[maven-release-plugin] prepare for next development iteration
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss@1666963 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index fd44ff6..26adbc7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
<!-- ======================================================================= -->
<artifactId>org.apache.sling.xss</artifactId>
<packaging>bundle</packaging>
- <version>1.0.0</version>
+ <version>1.0.1-SNAPSHOT</version>
<name>Apache Sling XSS Protection Bundle</name>
<description>
@@ -40,9 +40,9 @@
</description>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.xss-1.0.0</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.xss-1.0.0</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.xss-1.0.0</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/xss</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss</url>
</scm>
<properties>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.