[
https://issues.apache.org/jira/browse/SLING-6793?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls reassigned SLING-6793:
---------------------------------
Assignee: Karl Pauls
> Remove unused methods from XSSAPI
> ---------------------------------
>
> Key: SLING-6793
> URL: https://issues.apache.org/jira/browse/SLING-6793
> Project: Sling
> Issue Type: Improvement
> Components: XSS Protection API
> Reporter: Carsten Ziegeler
> Assignee: Karl Pauls
> Fix For: XSS Protection API 1.0.20
>
>
> The XSSAPI defines two methods:
> XSSAPI getRequestSpecificAPI(SlingHttpServletRequest request);
> XSSAPI getResourceResolverSpecificAPI(ResourceResolver resourceResolver);
> which imply that there is some user specific xss checking for validating
> hrefs. However user specific xss validation is neither implemented nor does
> it make sense.
> Therefore we should remove these methods
> At the same time we should remove the XSSAPIAdapterFactory as this is abusing
> the adapter pattern. Getting an XSSAPI service in Java or JSP is easy and
> there is no need to use the adapter pattern here.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
