Google Git
Sign in
apache / sling-org-apache-sling-xss / bc0a76fb8f99abf06099a797d20c6a594afa7151
commitbc0a76fb8f99abf06099a797d20c6a594afa7151[log] [tgz]
authorRobert Munteanu <rombert@apache.org>Fri Jun 30 12:47:00 2023 +0200
committerGitHub <noreply@github.com>Fri Jun 30 12:47:00 2023 +0200
tree6cdfcb24ab2ebe8727be69b7a3bbd1921e271a16
parent01effece015314baf2666766ff318004a206c5c7 [diff]
SLING-11610 - Sling XSS API 2.3.0 does not work on Java 17 (#32)

1. Switch from reflective access to using sun.misc.Unsafe. Even though 'unsafe' looks scary,
it's part of the jdk.unsupported module which both 'exports' and 'opens' its packages.

Reference: https://blogs.oracle.com/javamagazine/post/a-peek-into-java-17-continuing-the-drive-to-encapsulate-the-java-runtime-internals

2. Library updates: update to the latest version of Mockito, drop Powermock

3. Exclude xml-apis transitive dependency, this causes conflicts since we are using the module path

See https://stackoverflow.com/questions/55571046/eclipse-is-confused-by-imports-accessible-from-more-than-one-module

4. Configure the maven-compiler-plugin to use source/target instead of release, even for newer JDK
versions. This has the effect of running javac with fewer checks, and allows compilation on
Java 8 to complete succesfully.
5 files changed
tree: 6cdfcb24ab2ebe8727be69b7a3bbd1921e271a16
  1. src/
  2. .asf.yaml
  3. .gitignore
  4. .sling-module.json
  5. bnd.bnd
  6. CODE_OF_CONDUCT.md
  7. CONTRIBUTING.md
  8. Jenkinsfile
  9. LICENSE
  10. pom.xml
  11. README.md
README.md

Apache Sling

Build Status Test Status Coverage Sonarcloud Status JavaDoc Maven Central License

Apache Sling XSS Protection

This module is part of the Apache Sling project.

The Apache Sling XSS Bundle provides two services for escaping and filtering XSS-prone user submitted content:

  1. org.apache.sling.xss.XSSAPI
  2. org.apache.sling.xss.XSSFilter

Please check the JavaDoc of each service to find out what methods they provide.