This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.xss-1.0.10 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 58f95b81f9c59566d268f0453f26a0da40c857a8
Author: Radu Cotescu <[email protected]>
AuthorDate: Thu Jan 21 17:19:35 2016 +0000

    SLING-5445 - XSSAPI#encodeForJSString is too restrictive

    * replaced call to Encode.forJavaScript with call to Encode.forJavaScriptSource

    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/xss@1726027 13f79535-47bb-0310-9956-ffa450edef68
---
 src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java     |  2 +-
 src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
index e4dc086..5e95ae0 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
@@ -412,7 +412,7 @@ public class XSSAPIImpl implements XSSAPI {
      */
     @Override
     public String encodeForJSString(String source) {
-        return source == null ? null : Encode.forJavaScript(source);
+        return source == null ? null : Encode.forJavaScriptSource(source);
     }
 
     /**
diff --git a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
index dee3e65..ef26f88 100644
--- a/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
+++ b/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
@@ -378,10 +378,10 @@ public class XSSAPIImplTest {
                 {null, null},
                 {"simple", "simple"},
-                {"break\"out", "break\\x22out"},
-                {"break'out", "break\\x27out"},
-
-                {"</script>", "<\\/script>"}
+                {"break\"out", "break\\\"out"},
+                {"break'out", "break\\'out"},
+                {"'alert(document.cookie)", "\\'alert(document.cookie)"},
+                {"2014-04-22T10:11:24.002+01:00", "2014-04-22T10:11:24.002+01:00"}
         };
         for (String[] aTestData : testData) {
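Review bot: The Javadoc for `encodeForJSString` (only its closing `*/` is inside the hunk; the rest is above it) should now say which JavaScript context the output is safe for, because the switch from `Encode.forJavaScript` to `Encode.forJavaScriptSource` changes the escape form for quotes from `\x22`/`\x27` to `\"`/`\'`. The test rows changed in the same commit drop the `</script>` → `<\/script>` expectation, which suggests the forward slash is no longer escaped; if that is the case, output embedded in an inline `<script>` element is no longer protected against data containing a closing script tag, and a backslash-escaped quote is also not safe inside an HTML event-handler attribute, where the attribute value is HTML-decoded before the script parser sees it. Proposed Javadoc sentence: `Escapes {@code source} for use inside a quoted string literal in JavaScript source; the result is not safe in HTML event-handler attributes, and callers placing it in an inline script element must separately ensure the data cannot close the element.` If the HTML-embedded cases still matter to callers, consider keeping a method that uses `Encode.forJavaScript` for them rather than changing the contract of this one.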
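Review bot: Removing the `{"</script>", "<\\/script>"}` row leaves no vector that pins how `encodeForJSString` treats a closing script tag; the four new rows only exercise quotes and a pass-through timestamp. Rather than deleting it, keep a row asserting whatever the new encoder produces for `</script>` — presumably `{"</script>", "</script>"}` if the slash is no longer escaped, to be confirmed against the encoder — so a later change in that behaviour is caught by the test. The enclosing test method starts before this hunk.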
@@ -408,7 +408,7 @@ public class XSSAPIImplTest {
                 {"\"literal string\"", "\"literal string\""},
                 {"'literal string'", "'literal string'"},
                 {"\"bad literal'", RUBBISH},
-                {"'literal'); junk'", "'literal\\x27); junk'"},
+                {"'literal'); junk'", "'literal\\'); junk'"},
                 {"1200", "1200"},
                 {"3.14", "3.14"},
-- 
To stop receiving notification emails like this one, please contact
"[email protected]" <[email protected]>.
