Radu Cotescu created SLING-9768:
-----------------------------------

             Summary: The org.apache.sling.api.scripting.SlingScript#getScriptResource implementations should not leak the scripting resolver
                 Key: SLING-9768
                 URL: https://issues.apache.org/jira/browse/SLING-9768
             Project: Sling
          Issue Type: Bug
          Components: Scripting
    Affects Versions: Scripting HTL Engine 1.4.2-1.4.0, Scripting Core 2.3.0
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: Scripting Core 2.3.4, Scripting HTL Engine 1.4.4-1.4.0


Since the {{SlingScript}} is usually made available via the {{bindings}} to the 
currently executing script, the resolver that can be accessed via 
{{org.apache.sling.api.scripting.SlingScript#getScriptResource}} should not 
give elevated access to the caller. This means that either the caller is 
responsible for the mapped resolver (by getting a mapped resolver to the bundle 
the caller comes from via script precompilation), or the resolver should be the 
request resolver.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
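
An added illustration of the second option in the description (handing callers the request resolver), not code from the issue or from the Sling fix. The class name {{RequestScopedScriptResource}} is hypothetical; the example assumes the Sling API types {{ResourceWrapper}}, {{ResourceResolver}} and {{ResourceUtil}}.

```java
import java.util.Collections;
import java.util.Iterator;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ResourceWrapper;

// Hypothetical wrapper: the script resource was loaded with the scripting
// resolver, but callers only ever see the request resolver.
public final class RequestScopedScriptResource extends ResourceWrapper {

    private final ResourceResolver requestResolver;

    public RequestScopedScriptResource(Resource scriptResource, ResourceResolver requestResolver) {
        super(scriptResource); // resolved with the scripting resolver
        this.requestResolver = requestResolver;
    }

    // The accessor the issue is about: never return the elevated resolver.
    @Override
    public ResourceResolver getResourceResolver() {
        return requestResolver;
    }

    // ResourceWrapper delegates navigation to the wrapped resource, whose parent
    // and children would still carry the scripting resolver. Re-resolve them with
    // the request resolver so the caller's own access control applies.
    @Override
    public Resource getParent() {
        String parentPath = ResourceUtil.getParent(getPath());
        return parentPath == null ? null : requestResolver.getResource(parentPath);
    }

    @Override
    public Resource getChild(String relPath) {
        return requestResolver.getResource(this, relPath);
    }

    @Override
    public Iterator<Resource> listChildren() {
        // null when the request user cannot read the script itself
        Resource self = requestResolver.getResource(getPath());
        return self == null ? Collections.<Resource>emptyIterator() : self.listChildren();
    }

    @Override
    public Iterable<Resource> getChildren() {
        return this::listChildren;
    }
}
```

{{adaptTo()}} still delegates to the wrapped resource in this sketch, so adapters obtained through it need the same review before such a wrapper is placed in the bindings.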
