Google Git
Sign in
apache / sling-org-apache-sling-xss / acaefc493eca19e3efbfef86fb712bb0db6bb57f
commitacaefc493eca19e3efbfef86fb712bb0db6bb57f[log] [tgz]
authorRadu Cotescu <170911+raducotescu@users.noreply.github.com>Thu Jan 16 17:50:58 2020 +0100
committerGitHub <noreply@github.com>Thu Jan 16 17:50:58 2020 +0100
tree6ec3a1684a063801b65231b0cfe8f0b07a562065
parentb3c8e24f036d32abcbd405a4af8e63975f601746 [diff]
SLING-8866 - Add reporting info in the XSS Protection API bundle

* added a counter metric (sling:xss.invalid_hrefs) to track the number of invalid URLs detected by org.apache.sling.xss.XSSFilter#isValidHref
* enhanced the webconsole plugin to provide a detailed report of the blocked URLs
* allow a system administrator to download the active AntiSamy configuration
* expose JSON / XML endpoints to retrieve the current status of the XSS library / the active AntiSamy configuration
14 files changed
tree: 6ec3a1684a063801b65231b0cfe8f0b07a562065
  1. src/
  2. .gitignore
  3. bnd.bnd
  4. CODE_OF_CONDUCT.md
  5. CONTRIBUTING.md
  6. Jenkinsfile
  7. LICENSE
  8. pom.xml
  9. README.md
README.md

Build Status Test Status Maven Central JavaDocs License

Apache Sling XSS Protection

This module is part of the Apache Sling project.

The Apache Sling XSS Bundle provides two services for escaping and filtering XSS-prone user submitted content:

  1. org.apache.sling.xss.XSSAPI
  2. org.apache.sling.xss.XSSFilter

Please check the JavaDoc of each service to find out what methods they provide.