[jira] [Resolved] (SLING-8235) Stop copying the AntiSamy configuration to the repository

Radu Cotescu (JIRA) Fri, 25 Jan 2019 09:14:16 -0800


     [ 
https://issues.apache.org/jira/browse/SLING-8235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radu Cotescu resolved SLING-8235.
---------------------------------
    Resolution: Fixed

Implemented in [commit 
f03f628|https://github.com/apache/sling-org-apache-sling-xss/commit/f03f628].

> Stop copying the AntiSamy configuration to the repository
> ---------------------------------------------------------
>
>                 Key: SLING-8235
>                 URL: https://issues.apache.org/jira/browse/SLING-8235
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.1.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently the {{org.apache.sling.xss}} bundle copies the default AntiSamy 
> configuration to the repository, with the help of the 
> {{org.apache.sling.jcr.contentloader}}. However, the whole operation is 
> redundant, since the bundle would anyways use this embedded file if the 
> {{org.apache.sling.xss.impl.XSSFilterImpl}} is not configured to use another 
> {{Resource}}.
> The {{org.apache.sling.xss}} bundle should therefore stop providing the 
> {{Sling-Initial-Content}} header, allowing the bundle to also work when the 
> resource tree is not provided by a JCR repository, and provide an optional 
> Felix web console plugin, to allow developers / users to inspect the embedded 
> AntiSamy config, if they need to adapt it to a customised one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (SLING-8235) Stop copying the AntiSamy configuration to the repository

Reply via email to