Radu Cotescu created SLING-8866:
-----------------------------------
Summary: Add reporting info in the XSS Protection API bundle
Key: SLING-8866
URL: https://issues.apache.org/jira/browse/SLING-8866
Project: Sling
Issue Type: Improvement
Components: XSS Protection API
Reporter: Radu Cotescu
Fix For: XSS Protection API 2.2.0
The XSS Protection API should be enhanced to provide some reporting about
invalid URLs in order to allow operators of a Sling instance to monitor the
state of the system (e.g. incorrect AntiSamy configurations, attacks, DOS
attempts, etc.).
The following ideas should be taken into consideration:
# add last X blocked expressions to the Sling XSS Web Console page
# generate blocked metrics, based on configurable paths, e.g. {{/libs}},
{{/apps}}, {{/content}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
