You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2014/11/19 17:08:51 UTC
svn commit: r1640585 - in
/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss:
JSONUtil.java ProtectionContext.java XSSAPI.java XSSFilter.java
package-info.java
Author: fmeschbe
Date: Wed Nov 19 16:08:50 2014
New Revision: 1640585
URL: http://svn.apache.org/r1640585
Log:
SLING-4185 The org.apache.sling.xss bundle should properly export its API
Applying slightly modified patch by Radu Cotescu (Thanks alot).
Modified:
sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java
sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java
sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java
sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java
sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/package-info.java
Modified: sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java?rev=1640585&r1=1640584&r2=1640585&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java (original)
+++ sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java Wed Nov 19 16:08:50 2014
@@ -24,16 +24,18 @@ import org.apache.sling.commons.json.io.
* JSON utilities
* <p/>
* Support for handling xss protected values with JSON objects and JSON writers.
- *
- * @since 1.0.0
*/
-public class JSONUtil {
+public final class JSONUtil {
/**
* Key suffix for XSS protected properties
*/
public static final String KEY_SUFFIX_XSS = "_xss";
+ // no instantiation
+ private JSONUtil() {
+ }
+
/**
* Puts a xss protected value into a JSON object.
* The value is put under the provided key.
Modified: sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java?rev=1640585&r1=1640584&r2=1640585&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java (original)
+++ sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java Wed Nov 19 16:08:50 2014
@@ -16,13 +16,12 @@
******************************************************************************/
package org.apache.sling.xss;
+
/**
* This enumeration defines the context for executing XSS protection.
* <p/>
* The specified rules refer to
* http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
- *
- * @since 1.0
*/
public enum ProtectionContext {
/**
Modified: sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java?rev=1640585&r1=1640584&r2=1640585&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java (original)
+++ sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java Wed Nov 19 16:08:50 2014
@@ -20,6 +20,8 @@ package org.apache.sling.xss;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceResolver;
+import aQute.bnd.annotation.ProviderType;
+
/**
* A service providing validators and encoders for XSS protection during the composition of HTML
* pages.
@@ -31,6 +33,7 @@ import org.apache.sling.api.resource.Res
* <p/>
* When in doubt, use a validator.
*/
+@ProviderType
public interface XSSAPI {
// =============================================================================================
Modified: sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java?rev=1640585&r1=1640584&r2=1640585&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java (original)
+++ sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java Wed Nov 19 16:08:50 2014
@@ -16,12 +16,13 @@
******************************************************************************/
package org.apache.sling.xss;
+import aQute.bnd.annotation.ProviderType;
+
/**
* This service should be used to protect output against potential XSS attacks.
* The protection is context based.
- *
- * @since 1.0
*/
+@ProviderType
public interface XSSFilter {
/**
Modified: sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/package-info.java?rev=1640585&r1=1640584&r2=1640585&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/package-info.java (original)
+++ sling/trunk/contrib/extensions/xss/src/main/java/org/apache/sling/xss/package-info.java Wed Nov 19 16:08:50 2014
@@ -20,9 +20,7 @@
* @version 1.0.0
*/
@Version("1.0.0")
-@Export(optional = "provide:=true")
package org.apache.sling.xss;
-import aQute.bnd.annotation.Export;
import aQute.bnd.annotation.Version;