[
https://issues.apache.org/jira/browse/SLING-9613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17166378#comment-17166378
]
Radu Cotescu commented on SLING-9613:
-------------------------------------
Implemented a fix in [commit d33293a|https://github.com/apache/sling-org-apache-sling-xss/commit/d33293a].
> java.lang.StackOverflowError in XSSFilterImpl.filter for long URLs
> ------------------------------------------------------------------
>
> Key: SLING-9613
> URL: https://issues.apache.org/jira/browse/SLING-9613
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
>
> Attempting to filter the following HTML snippet results in a
> {{StackOverflowError}}:
> {code:html}
> <a
> href="https://google.com/t/r/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
> Click here to access replay webcast</a>
> {code}
> {code:java}
> java.lang.StackOverflowError
> at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3939)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4306)
> at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3940)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> ...
> {code}
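The failure mode in the trace above, shown with a constructed pattern next to a possessive variant and a fail-closed guard. This is an added example, not code from the Sling project or from commit d33293a; the patterns, `safeMatches`, `MAX_LEN` and the sample URL are assumptions made for illustration (Java 11+).

```java
import java.util.regex.Pattern;

public class RegexDepthDemo {
    // Constructed pattern, not the one used by Sling XSS: a greedy repeated
    // group with an alternation. OpenJDK's java.util.regex matches every
    // iteration of such a group through nested calls (the Loop/GroupHead/
    // Branch frames in the trace above), so stack depth grows with input length.
    static final Pattern GREEDY =
            Pattern.compile("https?://[a-z.]+/(?:[a-z0-9/]|%[0-9a-f]{2})*");

    // Same alternatives with a possessive quantifier (*+): the group is
    // repeated without keeping backtracking state for each iteration. The
    // alternatives are disjoint, so the accepted language is unchanged.
    static final Pattern POSSESSIVE =
            Pattern.compile("https?://[a-z.]+/(?:[a-z0-9/]|%[0-9a-f]{2})*+");

    // Hypothetical length cap for this demo; choose one that fits the data.
    static final int MAX_LEN = 1_000_000;

    // Fail closed: over-long input or an exhausted stack counts as "no match",
    // so a filter built on this rejects the value instead of crashing.
    static boolean safeMatches(Pattern p, String input) {
        if (input == null || input.length() > MAX_LEN) {
            return false;
        }
        try {
            return p.matcher(input).matches();
        } catch (StackOverflowError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed input shaped like the href in the report, only longer.
        String url = "https://example.com/t/r/" + "a".repeat(200_000);
        System.out.println("greedy:     " + safeMatches(GREEDY, url));
        System.out.println("possessive: " + safeMatches(POSSESSIVE, url));
    }
}
```

With a default thread stack size the greedy pattern typically exhausts the stack on this input and is rejected by the guard, while the possessive pattern matches it.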