[jira] [Updated] (SLING-6685) Replace commons.json usage in org.apache.sling.xss
[ https://issues.apache.org/jira/browse/SLING-6685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6685: -- Attachment: SLING-6685-2.patch After some more clean-up, I think the second patch is good to go so please review again. > Replace commons.json usage in org.apache.sling.xss > -- > > Key: SLING-6685 > URL: https://issues.apache.org/jira/browse/SLING-6685 > Project: Sling > Issue Type: Sub-task > Components: XSS Protection API >Affects Versions: XSS Protection API 1.0.18 >Reporter: Karl Pauls >Assignee: Karl Pauls > Labels: patch-available > Fix For: XSS Protection API 1.0.20 > > Attachments: SLING-6685-2.patch, SLING-6685.patch > > -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6685) Replace commons.json usage in org.apache.sling.xss
[ https://issues.apache.org/jira/browse/SLING-6685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6685: -- Attachment: (was: SLING-6685-2.patch) > Replace commons.json usage in org.apache.sling.xss > -- > > Key: SLING-6685 > URL: https://issues.apache.org/jira/browse/SLING-6685 > Project: Sling > Issue Type: Sub-task > Components: XSS Protection API >Affects Versions: XSS Protection API 1.0.18 >Reporter: Karl Pauls >Assignee: Karl Pauls > Labels: patch-available > Fix For: XSS Protection API 1.0.20 > > Attachments: SLING-6685.patch > > -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6685) Replace commons.json usage in org.apache.sling.xss
[ https://issues.apache.org/jira/browse/SLING-6685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6685: -- Attachment: SLING-6685-2.patch Updated patch which uses the common.johnzon bundle, enables comments in json, and changes the tests to only use wellformed json. Additionally, I fixed some javadoc and changed the api version to 2.0.0 as this is a breaking change (unfortunately, the api is leaking the JSONObject). > Replace commons.json usage in org.apache.sling.xss > -- > > Key: SLING-6685 > URL: https://issues.apache.org/jira/browse/SLING-6685 > Project: Sling > Issue Type: Sub-task > Components: XSS Protection API >Affects Versions: XSS Protection API 1.0.18 >Reporter: Karl Pauls >Assignee: Karl Pauls > Labels: patch-available > Fix For: XSS Protection API 1.0.20 > > Attachments: SLING-6685-2.patch, SLING-6685.patch > > -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6685) Replace commons.json usage in org.apache.sling.xss
[ https://issues.apache.org/jira/browse/SLING-6685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6685: -- Attachment: SLING-6685.patch This one is a tricky one. The patch does replace the usage with johnzon - however, the xss impl used the org.json code to parse not wellformed json and return it as wellformed json. The johnzon parser only supports wellformed json so it throws exceptions much earlier. For that reason, one of the tests in this bundle does fail after applying the patch. The question is if we need to use some different for the parsing (and keep the functionality) or whether we think this is ok and correct the test? > Replace commons.json usage in org.apache.sling.xss > -- > > Key: SLING-6685 > URL: https://issues.apache.org/jira/browse/SLING-6685 > Project: Sling > Issue Type: Sub-task > Components: XSS Protection API >Affects Versions: XSS Protection API 1.0.18 >Reporter: Karl Pauls >Assignee: Karl Pauls > Fix For: XSS Protection API 1.0.20 > > Attachments: SLING-6685.patch > > -- This message was sent by Atlassian JIRA (v6.3.15#6346)
