You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ro...@apache.org on 2022/02/03 15:05:44 UTC

[sling-org-apache-sling-xss] branch feature/SLING-11111 created (now 529d6ec)

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a change to branch feature/SLING-11111
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git.


      at 529d6ec  SLING-11111 - Update to AntiSamy 1.6.5

This branch includes the following new commits:

     new 529d6ec  SLING-11111 - Update to AntiSamy 1.6.5

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[sling-org-apache-sling-xss] 01/01: SLING-11111 - Update to AntiSamy 1.6.5

Posted by ro...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch feature/SLING-11111
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git

commit 529d6ec3b5f63be954481f055a15c00c73f72c0a
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Feb 3 16:04:33 2022 +0100

    SLING-11111 - Update to AntiSamy 1.6.5
    
    Update the dependency version and ensure that we use the right TransformerFactory.
---
 pom.xml                                                    | 2 +-
 src/main/java/org/apache/sling/xss/impl/PolicyHandler.java | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6353efa..8a48dd1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -187,7 +187,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.4</version>
+            <version>1.6.5</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java b/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
index 2e737c2..7e6d387 100644
--- a/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
+++ b/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
@@ -40,6 +40,11 @@ public class PolicyHandler {
      * @param policyStream the InputStream from which to read this handler's {@link Policy}
      */
     public PolicyHandler(InputStream policyStream) throws Exception {
+
+        // ensure that when AntiSamy is initialised it finds the transformer factory that we want it to
+        // See https://github.com/nahsra/antisamy/commit/7ff740de5cd3577c49aca61c985f376de9f8884c
+        System.setProperty("antisamy.transformerfactory.impl", AttributeTranslatingTransformerFactoryImpl.class.getName());
+
         // fix for classloader issue with IBM JVM: see bug #31946
         // (currently: http://bugs.day.com/bugzilla/show_bug.cgi?id=31946)
         Thread currentThread = Thread.currentThread();