Karl Pauls created SLING-10342:
----------------------------------
Summary: The recursion selector value for the JsonRenderServlet
should be limited to real numbers
Key: SLING-10342
URL: https://issues.apache.org/jira/browse/SLING-10342
Project: Sling
Issue Type: Bug
Components: Servlets
Affects Versions: Servlets Get 2.1.40
Reporter: Karl Pauls
Assignee: Karl Pauls
Fix For: Servlets Get 2.1.42
The JsonRenderServlet recursion selector is supposed to be:
{code:java}
"-1" | "infinity" | [0-9]+
{code}
Following SLING-2324, a value > Integer.MAX_VALUE is considered to be
"infinity".
However, we don't enforce that the value is not a negative number (besides the
allowed "-1") nor do we prevent it from being a numeric which is not real
numbers (i.e., not matching [0-9]+).
We should make sure we only accept: {{"-1" | "infinity" | [0-9]+}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
