[ https://issues.apache.org/jira/browse/SLING-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-2206.
-------------------------------------
    Resolution: Won't Fix

> Preventing the Execution of Unauthorized Script in JSON
> -------------------------------------------------------
>
>                 Key: SLING-2206
>                 URL: https://issues.apache.org/jira/browse/SLING-2206
>             Project: Sling
>          Issue Type: New Feature
>          Components: Servlets
>            Reporter: Antonio Sanso
>            Priority: Minor
>
> For an explanation of the security problem please check [0].
> To see how, for example, Gmail solves the problem refer to [1].
> I think it would be good to have this feature be configurable (on by
> default). I would personally opt for adding the while(1); solution (that is
> the same one Google uses).
> .
> [0] http://labs.adobe.com/technologies/spry/samples/data_region/JSONParserSample.html
> [1] http://msujaws.wordpress.com/2011/02/28/xss-prevention-in-gmail/

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
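
The while(1); prefix proposed in the quoted issue, sketched as an added example (not code from Sling or from the issue; the names GUARD, guardJson, parseGuardedJson and isBareJson are hypothetical, and the sample data is constructed). It shows the server-side prefixing and the same-origin client that must strip the guard before parsing.

```javascript
// Added illustration; all identifiers are hypothetical, not a Sling API.
const GUARD = "while(1);";

// Server side: serialize the value and prepend the guard. The body is then
// no longer a bare JSON literal; loaded through a cross-site <script src>
// it would spin in the loop and never evaluate the data that follows.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: same-origin code reads the response as text (XHR/fetch),
// insists on the guard, strips it, and only then parses. A response
// without the guard is rejected instead of being silently accepted.
function parseGuardedJson(body) {
  if (typeof body !== "string" || !body.startsWith(GUARD)) {
    throw new SyntaxError("response is missing the expected guard prefix");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// True when the body is directly consumable as JSON, i.e. the unguarded
// form that the issue wants servlets to stop emitting by default.
function isBareJson(body) {
  try {
    JSON.parse(body);
    return true;
  } catch (e) {
    return false;
  }
}

function demo() {
  // Constructed sample payload.
  const messages = [{ from: "alice@example.com", subject: "hello" }];
  const unguarded = JSON.stringify(messages);
  const guarded = guardJson(messages);
  return {
    unguardedIsBareJson: isBareJson(unguarded),
    guardedIsBareJson: isBareJson(guarded),
    roundTrip: parseGuardedJson(guarded),
  };
}

console.log(demo());
```

Clients that call JSON.parse directly on the response break once the guard is enabled, which is why the issue asks for the feature to be configurable.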