[jira] [Created] (SLING-7771) org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences

Radu Cotescu (JIRA) Sun, 08 Jul 2018 06:17:39 -0700

Radu Cotescu created SLING-7771:
-----------------------------------

             Summary: org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can 
throw exceptions for illegal hex escape sequences
                 Key: SLING-7771
                 URL: https://issues.apache.org/jira/browse/SLING-7771
             Project: Sling
          Issue Type: Bug
          Components: Extensions
    Affects Versions: XSS Protection API 2.0.8, XSS Protection API 2.0.6, XSS 
Protection API 2.0.4
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: XSS Protection API 2.0.10



The fix introduced in SLING-7323 allows {{IllegalArgumentException}} to be 
thrown in case a URL contains illegal hex escape characters. Instead of 
throwing a {{RuntimeException}}, the implementation should just return 
{{false}} and log the exception.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (SLING-7771) org.apache.sling.xss.impl.XSSFilterImpl#isValidHref can throw exceptions for illegal hex escape sequences

Reply via email to