You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Radu Cotescu (JIRA)" <ji...@apache.org> on 2015/03/11 15:53:50 UTC
[jira] [Updated] (SLING-4492) Prevent configuring the ESAPI
policies through random content files
[ https://issues.apache.org/jira/browse/SLING-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu updated SLING-4492:
--------------------------------
Summary: Prevent configuring the ESAPI policies through random content files (was: Prevent configuring the ESAPI policies through content)
> Prevent configuring the ESAPI policies through random content files
> -------------------------------------------------------------------
>
> Key: SLING-4492
> URL: https://issues.apache.org/jira/browse/SLING-4492
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Fix For: XSS Protection API 1.0.0
>
>
> Currently the ESAPI policies are configured through a file from the repository - {{/libs/sling/xss/config.xml}}. However, the configuration of the XSS bundle should be made through OSGi mechanisms instead of relying on content structures and content overlay.
> This issue tracks only the removal of the ESAPI configuration from the content.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)