[ https://issues.apache.org/jira/browse/SLING-6793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17058720#comment-17058720 ]

Carsten Ziegeler commented on SLING-6793:
-----------------------------------------

First of all, my recommendation is to not use JSP - other scripting languages 
like HTL support this way better.
But if you want to stick with JSP, you can get the service using the "sling" 
object, you can use the EncodeTag from the jsp taglib or you can use the 
SlingFunction static method from the jsp taglib.

> Remove unused methods from XSSAPI
> ---------------------------------
>
>                 Key: SLING-6793
>                 URL: https://issues.apache.org/jira/browse/SLING-6793
>             Project: Sling
>          Issue Type: Improvement
>          Components: XSS Protection API
>            Reporter: Carsten Ziegeler
>            Assignee: Karl Pauls
>            Priority: Major
>             Fix For: XSS Protection API 2.0.0
>
>
> The XSSAPI defines two methods:
>     XSSAPI getRequestSpecificAPI(SlingHttpServletRequest request);
>     XSSAPI getResourceResolverSpecificAPI(ResourceResolver resourceResolver);
> which imply that there is some user specific xss checking for validating 
> hrefs. However user specific xss validation is neither implemented nor does 
> it make sense.
> Therefore we should remove these methods.
> At the same time we should remove the XSSAPIAdapterFactory as this is abusing 
> the adapter pattern. Getting an XSSAPI service in Java or JSP is easy and 
> there is no need to use the adapter pattern here.
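
An added example, not part of the original comment or of the Sling code base: the three JSP options named in the comment above, each applied to request input in the output context it fits. It assumes the Sling JSP taglib (a version that ships the encode tag and function) and the XSS Protection API bundle are installed; the parameter names `title` and `target` are hypothetical.

```jsp
<%@ page session="false" contentType="text/html; charset=utf-8" %>
<%@ page import="org.apache.sling.xss.XSSAPI" %>
<%@ taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling" %>
<sling:defineObjects />
<%
    // Option 1: look up the XSSAPI OSGi service through the "sling" script helper.
    // No adapter and no request-specific instance is involved.
    XSSAPI xss = sling.getService(XSSAPI.class);

    // Untrusted input (hypothetical parameter names).
    String title = slingRequest.getParameter("title");
    String target = slingRequest.getParameter("target");
    if (title == null) { title = ""; }
    if (target == null) { target = ""; }

    // Make the raw value visible to EL for options 2 and 3 below.
    pageContext.setAttribute("title", title);
%>
<html>
<body>
  <%-- Option 1 in use: each value is encoded for the context it lands in.
       getValidHref() validates the URL and returns an empty string when it
       is rejected, e.g. for a javascript: scheme. --%>
  <a href="<%= xss.getValidHref(target) %>"
     title="<%= xss.encodeForHTMLAttr(title) %>"><%= xss.encodeForHTML(title) %></a>

  <%-- Option 2: the EncodeTag from the JSP taglib, HTML element content. --%>
  <h1><sling:encode value="${title}" mode="HTML" /></h1>

  <%-- Option 3: the SlingFunctions static method exposed as an EL function,
       here in an HTML attribute context. --%>
  <input type="text" name="title" value="${sling:encode(title, 'HTML_ATTR')}" />
</body>
</html>
```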


