[
https://issues.apache.org/jira/browse/SLING-11111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17486537#comment-17486537
]
Robert Munteanu commented on SLING-11111:
-----------------------------------------
I created a draft PR at
https://github.com/apache/sling-org-apache-sling-xss/pull/14, but we need to
discuss how to address the new warnings that are emitted:
{noformat}
03.02.2022 15:37:05.472 *WARN* [Apache Sling Repository Startup Thread #1]
org.owasp.validator.html.Policy The directive "noopenerAndNoreferrerAnchors" is
not enabled by default. It is recommended to enable it to prevent reverse
tabnabbing attacks.
03.02.2022 15:37:05.516 *WARN* [Apache Sling Repository Startup Thread #1]
org.owasp.validator.html.Policy The directive "noopenerAndNoreferrerAnchors" is
not enabled by default. It is recommended to enable it to prevent reverse
tabnabbing attacks.
{noformat}
> Update to AntiSamy 1.6.5
> ------------------------
>
> Key: SLING-11111
> URL: https://issues.apache.org/jira/browse/SLING-11111
> Project: Sling
> Issue Type: Improvement
> Components: XSS Protection API
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Priority: Major
> Fix For: XSS Protection API 2.2.20
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There is a new release of AntiSamy, which has changed the way XML Transformer
> Factory is looked up. We should investigate if this is a viable change for
> us, since it uses system properties.
> See [AntiSamy commit
> 7ff740de|https://github.com/nahsra/antisamy/commit/7ff740de5cd3577c49aca61c985f376de9f8884c]
> and [AntiSamy issue 103|https://github.com/nahsra/antisamy/issues/103].