[
https://issues.apache.org/jira/browse/SLING-12137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu closed SLING-12137.
-----------------------------------
> XSS API bundle no longer embeds the needed org.owasp.html classes
> -----------------------------------------------------------------
>
> Key: SLING-12137
> URL: https://issues.apache.org/jira/browse/SLING-12137
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Priority: Critical
> Fix For: XSS Protection API 2.4.0
>
>
> This manifests itself at runtime
> {noformat}09.11.2023 14:26:57.444 *ERROR* [FelixLogListener]
> org.apache.sling.xss.impl.XSSFilterImpl bundle
> org.apache.sling.xss:2.3.11.SNAPSHOT
> (148)[org.apache.sling.xss.impl.XSSFilterImpl(223)] : The activate method has
> thrown an exception (org.apache.felix.log.LogException:
> java.lang.NoClassDefFoundError: org/owasp/html/HtmlStreamEventReceiver)
> org.apache.felix.log.LogException: java.lang.NoClassDefFoundError:
> org/owasp/html/HtmlStreamEventReceiver
> at
> org.apache.sling.xss.impl.PolicyHandler.<init>(PolicyHandler.java:47)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.setActiveEmbededPolicy(XSSFilterImpl.java:311)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.updatePolicy(XSSFilterImpl.java:298)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.activate(XSSFilterImpl.java:267)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> {noformat}
> Manually inspecting the jars shows that we don't have the org.owasp.html
> classes we used to embed
> {noformat}
> $ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep owasp/html
> org/owasp/html/
> org/owasp/html/DynamicAttributesSanitizerPolicy.class
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
