Google Git
Sign in
apache / sling-org-apache-sling-xss / bfee439db27186a110140f574f8cc978fa3451af
commitbfee439db27186a110140f574f8cc978fa3451af[log] [tgz]
authorRadu Cotescu <170911+raducotescu@users.noreply.github.com>Fri Jun 29 17:44:53 2018 +0200
committerGitHub <noreply@github.com>Fri Jun 29 17:44:53 2018 +0200
treeaadb645cec4fd3abed8e4cf56586536cf293c85b
parent43947bd638d73e4595dea49972049e560c409b06 [diff]
SLING-7741 - org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments

* implemented the URI grammar from RFC3986 as a set of regular expressions to allow colons to be used in the URIs
* modified mangleNamespaces function to only perform namespace mangling for paths
* extended tests
* updated AntiSamy
* updated dependencies and provided more tests
6 files changed
tree: aadb645cec4fd3abed8e4cf56586536cf293c85b
  1. src/
  2. .gitignore
  3. LICENSE
  4. pom.xml
  5. README.md
README.md

Build Status Test Status Maven Central JavaDocs License

Apache Sling XSS Protection

This module is part of the Apache Sling project.

The Apache Sling XSS Bundle provides two services for escaping and filtering XSS-prone user submitted content:

  1. org.apache.sling.xss.XSSAPI
  2. org.apache.sling.xss.XSSFilter

Please check the JavaDoc of each service to find out what methods they provide.