[
https://issues.apache.org/jira/browse/SLING-10158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman updated SLING-10158:
--------------------------------
Summary: XSSFilter fails with a classloading error with the TreeWalker
class (was: XSSFilter fails with a classloading the TreeWalker class)
> XSSFilter fails with a classloading error with the TreeWalker class
> -------------------------------------------------------------------
>
> Key: SLING-10158
> URL: https://issues.apache.org/jira/browse/SLING-10158
> Project: Sling
> Issue Type: Bug
> Affects Versions: XSS Protection API 2.2.10
> Reporter: Eric Norman
> Priority: Major
> Fix For: XSS Protection API 2.2.12
>
>
> After switching to xss v2.2.10 many pages fail with a classloading exception
> regarding the org.apache.xml.serializer.TreeWalker class
> For example, the composium browser at
> [http://localhost:8080/bin/browser.html] fails with this error:
> {noformat}
> org/apache/xml/serializer/TreeWalker (500)
> The requested URL /bin/browser.html resulted in an error in
> /libs/composum/nodes/browser/browser.jsp.
> Exception:
> java.lang.NoClassDefFoundError: org/apache/xml/serializer/TreeWalker
> at
> org.apache.xalan.processor.TransformerFactoryImpl.newTransformer(TransformerFactoryImpl.java:818)
> at
> org.owasp.validator.html.scan.AntiSamySAXScanner.getNewTransformer(AntiSamySAXScanner.java:178)
> at
> org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:133)
> at
> org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:107)
> at
> org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:89)
> at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:129)
> at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:75)
> at
> org.apache.sling.xss.impl.HtmlToHtmlContentContext.getCleanResults(HtmlToHtmlContentContext.java:98)
> at
> org.apache.sling.xss.impl.HtmlToHtmlContentContext.filter(HtmlToHtmlContentContext.java:68)
> at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:200)
> at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:194)
> at com.composum.sling.core.util.XSS.filter(XSS.java:282)
> at
> com.composum.sling.core.util.ConsoleUtil.getConsoleResource(ConsoleUtil.java:31)
> at
> com.composum.sling.core.AbstractServletBean.initialize(AbstractServletBean.java:33)
> at
> com.composum.sling.core.BeanContext$AbstractContext.tryToInstantiateSlingBean(BeanContext.java:266)
> at
> com.composum.sling.core.BeanContext$AbstractContext.adaptTo(BeanContext.java:246)
> at com.composum.sling.core.BeanContext$Page.adaptTo(BeanContext.java:571)
> at
> com.composum.sling.cpnl.ComponentTag.createComponent(ComponentTag.java:220)
> at com.composum.sling.cpnl.ComponentTag.doStartTag(ComponentTag.java:73)
> at
> org.apache.jsp.libs.composum.nodes.browser.browser__002e__jsp._jspService(browser__002e__jsp.java:112)
> at
> org.apache.sling.scripting.jsp.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> at
> org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:496)...
> {noformat}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
