[jira] [Closed] (SLING-4492) Prevent configuring the ESAPI policies through random content files

Radu Cotescu (JIRA) Fri, 20 Mar 2015 03:01:00 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radu Cotescu closed SLING-4492.
-------------------------------

Closing issues fixed in [XSS Protection API 
1.0.0|https://issues.apache.org/jira/browse/SLING-4492?jql=fixVersion%20%3D%20%22XSS%20Protection%20API%201.0.0%22%20AND%20project%20%3D%20SLING].

> Prevent configuring the ESAPI policies through random content files
> -------------------------------------------------------------------
>
>                 Key: SLING-4492
>                 URL: https://issues.apache.org/jira/browse/SLING-4492
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>             Fix For: XSS Protection API 1.0.0
>
>
> Currently the default ESAPI policies are configured through a file from the 
> repository - {{/libs/sling/xss/config.xml}}. However, the proposed 
> {{XSSFilter}} API allows filtering using random policy files. The 
> configuration should be performed only through the 
> {{/libs/sling/xss/config.xml}} file, or through an {{/apps}} overlay.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (SLING-4492) Prevent configuring the ESAPI policies through random content files

Reply via email to