[jira] [Comment Edited] (SLING-3850) Add comments to the OSGi configuration files stored in the repository generated by configuration writeback

[Justin Edelson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/SLING-3850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098239#comment-14098239
 ] 

Justin Edelson edited comment on SLING-3850 at 8/15/14 7:57 PM:
----------------------------------------------------------------

bq. and because it is not JS but just name value properties more like a 
properties file. 

[~fmeschbe]
that syntactically is a valid JS :P
So it seems there is some interested to know the full story so here it  is :)

Imagine this osgi property file is stored under 
/apps/system/config/org.apache.sling.Configuration.config

and looks like

{code}
username="admin"
password="admin"
{code}

Now I can put on my blog a page that looks like

{code}
<script src="http://localhost:8080 
/apps/system/config/org.apache.sling.Configuration.config"></script>
<script>alert(username+'\n'+password)</script>
{code}

Now guess which one is going to be the output if a Sling admin visit my blog :) 
...


was (Author: asanso):
bq. and because it is not JS but just name value properties more like a 
properties file. 

[~fmeschbe]
that syntactically is a valid JS :P
So it seems there is some interested to know the full story so here it  is :)

Imagine this osgi property file is stored under 
/apps/system/config/org.apache.sling.Configuration.config

and looks like

{code}
username = admin
password = admin
{code}

Now I can put on my blog a page that looks like

{code}
<script src="http://localhost:8080 
/apps/system/config/org.apache.sling.Configuration.config"></script>
<script>alert(username+'\n'+password)</script>
{code}

Now guess which one is going to be the output if a Sling admin visit my blog :) 
...

> Add comments to the OSGi configuration files stored in the repository 
> generated by configuration writeback
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-3850
>                 URL: https://issues.apache.org/jira/browse/SLING-3850
>             Project: Sling
>          Issue Type: Improvement
>          Components: Installer
>            Reporter: Antonio Sanso
>            Assignee: Carsten Ziegeler
>            Priority: Minor
>             Fix For: JCR Installer 3.1.8
>
>
> It would be nice add coment to the OSGi configuration files stored in the 
> repository.
> e.g. 
> {code}
> #generated by .. 
> {code}
> This will have as a wanted side effect to not have the file being a valid 
> javascript



--
This message was sent by Atlassian JIRA
(v6.2#6252)