[ https://issues.apache.org/jira/browse/SLING-4236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14241653#comment-14241653 ]
Felix Meschberger commented on SLING-4236:
------------------------------------------

Interestingly, the owasp {{Encoder.encode(Encoder, String)}} method states:

{code}
if (str == null) {
    // consistent with String.valueOf(...) use "null" for null.
    str = "null";
}
{code}

so we should do the null check to return {{null}} instead of {{String("null")}}

> The XSSAPI's encode methods should return null for null input
> -------------------------------------------------------------
>
>                 Key: SLING-4236
>                 URL: https://issues.apache.org/jira/browse/SLING-4236
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>   Affects Versions: XSS Protection API 1.0.0
>            Reporter: Radu Cotescu
>
> The XSSAPI's encode methods should return {{null}} for {{null}} input.
> Currently it seems that the default implementation based on the
> {{owasp-java-encoder}} transforms {{null}} into {{"null"}}.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)