Author: radu Date: Thu Jan 21 17:19:35 2016 New Revision: 1726027 URL: http://svn.apache.org/viewvc?rev=1726027&view=rev Log: SLING-5445 - XSSAPI#encodeForJSString is too restrictive
* replaced call to Encode.forJavaScript with call to Encode.forJavaScriptSource
Modified:
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
sling/trunk/bundles/extensions/xss/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java?rev=1726027&r1=1726026&r2=1726027&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java Thu Jan 21 17:19:35 2016
@@ -412,7 +412,7 @@ public class XSSAPIImpl implements XSSAP
 */
 @Override
 public String encodeForJSString(String source) {
- return source == null ? null : Encode.forJavaScript(source);
+ return source == null ? null : Encode.forJavaScriptSource(source);
 }
 /**
Modified: sling/trunk/bundles/extensions/xss/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java?rev=1726027&r1=1726026&r2=1726027&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java (original)
+++ sling/trunk/bundles/extensions/xss/src/test/java/org/apache/sling/xss/impl/XSSAPIImplTest.java Thu Jan 21 17:19:35 2016
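Review bot: Switching `encodeForJSString` to `Encode.forJavaScriptSource` appears to stop neutralizing `</script>`: the same commit deletes the `{"</script>", "<\\/script>"}` test expectation rather than updating it, which indicates `/` is no longer escaped, so a caller that renders the result into an inline `<script>` block can have the block terminated and markup injected by the encoded value. The updated test rows also show hex-escaped quotes (`\x22`, `\x27`) giving way to `\"` and `\'`; those hex escapes are what kept the output safe after HTML attribute decoding in an `onclick`-style handler, so that use case now needs to be either ruled out or documented in the Javadoc that begins above this hunk. If the motivation is only the hyphen in the new `2014-04-22T10:11:24.002+01:00` row, a narrower change keeps the `\/` escape and only un-escapes the dash: `return source == null ? null : Encode.forJavaScript(source).replace("\\-", "-");`. Dropping `\-` (which guards `<!--`/`-->` inside script blocks) alone is a much smaller trade-off than also dropping `\/` and the hex quote encoding.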
@@ -378,10 +378,10 @@ public class XSSAPIImplTest {
 {null, null},
 {"simple", "simple"},
- {"break\"out", "break\\x22out"},
- {"break'out", "break\\x27out"},
-
- {"</script>", "<\\/script>"}
+ {"break\"out", "break\\\"out"},
+ {"break'out", "break\\'out"},
+ {"'alert(document.cookie)", "\\'alert(document.cookie)"},
+ {"2014-04-22T10:11:24.002+01:00", "2014-04-22T10:11:24.002+01:00"}
 };
 for (String[] aTestData : testData) {
@@ -408,7 +408,7 @@ public class XSSAPIImplTest {
 {"\"literal string\"", "\"literal string\""},
 {"'literal string'", "'literal string'"},
 {"\"bad literal'", RUBBISH},
- {"'literal'); junk'", "'literal\\x27); junk'"},
+ {"'literal'); junk'", "'literal\\'); junk'"},
 {"1200", "1200"},
 {"3.14", "3.14"},
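Review bot: The deleted `{"</script>", "<\\/script>"}` row in the first hunk is not replaced by any case stating what `encodeForJSString` now emits for `</script>`, so whether the `\/` escape survives is no longer asserted anywhere in this table and a regression in either direction would go unnoticed. Re-add a row with the intended expectation — `{"</script>", "<\\/script>"}` if `/` must remain escaped for inline script blocks, or the new output otherwise — so the decision is explicit in the test. A row for the escape character itself, e.g. `{"back\\slash", "back\\\\slash"}`, would also be worthwhile since neither the old nor the new table covers a backslash in the input. The loop consuming `testData` continues below the hunk.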