Remo Liechti created SLING-12697:
------------------------------------

Summary: Potential origins of violations to the RequestDispatcher include API provides misleading information on a committed response
Key: SLING-12697
URL: https://issues.apache.org/jira/browse/SLING-12697
Project: Sling
Issue Type: Improvement
Components: Engine
Reporter: Remo Liechti
Assignee: Remo Liechti
Fix For: Engine 2.16.0

In case of excessive recursive calls, a huge stack of potential origins is generated (see SLING-12478). When using all those messages that sit in the RequestProgressTracker, a lot of memory is used to generate a log message that actually helps the developer to find the origin of the XSS violation. This may lead to OOM errors from which the system cannot recover. This seems to be especially critical for recursive calls where a servlet calls itself over and over again, building a big amount of tracked messages that then later on need to be analyzed.

As nobody will go through such an enormous stack, and as it may get truncated during logging, make sure to use the last 500 messages of the RequestProgressTracker in the analysis of potential origins and put them into the log message instead. This way, we achieve a log message that can, first of all, be logged properly and is still manageable for the developer to read and understand.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
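
The bounding step described in the issue, as an added example that is not Sling's own code: a plain `Iterator<String>` stands in for the messages held by the RequestProgressTracker, and the class name, method names, sample messages and log wording are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Iterator;
import java.util.stream.IntStream;

public class BoundedOriginsExample {

    // Limit taken from the issue text: only the last 500 tracker messages are analyzed.
    static final int MAX_MESSAGES = 500;

    /** Keeps only the last {@code limit} entries of an iterator using O(limit) memory. */
    static Deque<String> lastMessages(Iterator<String> messages, int limit) {
        Deque<String> tail = new ArrayDeque<>(limit);
        while (messages.hasNext()) {
            if (tail.size() == limit) {
                tail.removeFirst(); // drop the oldest entry before adding a newer one
            }
            tail.addLast(messages.next());
        }
        return tail;
    }

    /** Builds the log text from the bounded tail only (hypothetical wording). */
    static String potentialOrigins(Iterator<String> messages) {
        Deque<String> tail = lastMessages(messages, MAX_MESSAGES);
        StringBuilder sb = new StringBuilder("Potential origins (last ")
                .append(tail.size()).append(" tracker messages):");
        for (String m : tail) {
            sb.append(System.lineSeparator()).append("  ").append(m);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: one servlet including itself 100,000 times.
        Iterator<String> recursive = IntStream.range(0, 100_000)
                .mapToObj(i -> "TIMER_START{/apps/demo/self.jsp#" + i + "}")
                .iterator();
        String log = potentialOrigins(recursive);
        // Number of retained messages, then the oldest message that survived the cut.
        System.out.println(log.lines().count() - 1);
        System.out.println(log.lines().skip(1).findFirst().orElse(""));
    }
}
```

The size of the resulting log message depends on the limit rather than on the recursion depth, so a self-including servlet cannot inflate it without bound.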