rombert commented on code in PR #34:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/34#discussion_r1250986213
##########
pom.xml:
##########
@@ -172,6 +172,33 @@
</includes>
</configuration>
</plugin>
+ <!-- Shade 3rdparty libs to avoid classpath conflicts in unit
tests -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <configuration>
+ <artifactSet>
+ <includes>
+ <include>com.google.guava:*</include>
+ </includes>
+ </artifactSet>
+ <createSourcesJar>true</createSourcesJar>
+ <relocations>
+ <relocation>
+ <pattern>com.google.common</pattern>
+
<shadedPattern>sling-xss.com.google.common</shadedPattern>
Review Comment:
Thanks for the change. I think this is a restriction of Java at the source
level, but it seems to be legal bytecode. Before your change, the compiled java
classes reference the 'sling-xss' package, see below snippet
```
$ javap -verbose -cp target/org.apache.sling.xss-2.3.9-SNAPSHOT.jar
org.apache.sling.xss.impl.HtmlSanitizer
(...)
47: invokespecial #86 // Method
org/owasp/html/DynamicAttributesSanitizerPolicy."<init>":(Lorg/owasp/html/HtmlStreamEventReceiver;Lsling-xss/com/google/common/collect/ImmutableMap;Lsling-xss/com/google/common/collect/ImmutableSet;Ljava/util/Map;Ljava/util/List;)V
(...)
````
More a curiosity than something to spend more time about.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
