[ https://issues.apache.org/jira/browse/SLING-8235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu resolved SLING-8235. --------------------------------- Resolution: Fixed Implemented in [commit f03f628|https://github.com/apache/sling-org-apache-sling-xss/commit/f03f628]. > Stop copying the AntiSamy configuration to the repository > --------------------------------------------------------- > > Key: SLING-8235 > URL: https://issues.apache.org/jira/browse/SLING-8235 > Project: Sling > Issue Type: Improvement > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Priority: Major > Fix For: XSS Protection API 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Currently the {{org.apache.sling.xss}} bundle copies the default AntiSamy > configuration to the repository, with the help of the > {{org.apache.sling.jcr.contentloader}}. However, the whole operation is > redundant, since the bundle would anyways use this embedded file if the > {{org.apache.sling.xss.impl.XSSFilterImpl}} is not configured to use another > {{Resource}}. > The {{org.apache.sling.xss}} bundle should therefore stop providing the > {{Sling-Initial-Content}} header, allowing the bundle to also work when the > resource tree is not provided by a JCR repository, and provide an optional > Felix web console plugin, to allow developers / users to inspect the embedded > AntiSamy config, if they need to adapt it to a customised one. -- This message was sent by Atlassian JIRA (v7.6.3#76005)