Jan Stettler created SLING-6865:
-----------------------------------

Summary: Default Config sling/xss/config.xml and XSSFilterImpl is not the same
Key: SLING-6865
URL: https://issues.apache.org/jira/browse/SLING-6865
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Reporter: Jan Stettler
Priority: Critical

There is a different default config for XSSFilterImpl .href

In XSSFilter the Pattern looks like
{code}
(\\s)*((ht|f)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\*\\(\\)]*(\\s)*"
{code}

in the /libs/sling/xss/config.xml itself it looks like
{code}
(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&;:\-_~,\?=/!\*\(\)]*(\s)*
{code}

In the config file there is a missing (\\)

Can you fix this?

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
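
One way to compare the two snippets once Java string-literal escaping is taken into account, as an added example that is not part of the original report or of the Sling code base. It assumes the first snippet is the body of a Java string literal (its trailing quote being the literal's closing quote); `java_literal_value` and `first_difference` are names chosen here.

```python
# Both snippets are copied from the report above; raw strings keep every backslash as typed.
# Assumption: JAVA_SOURCE is the body of a Java string literal, closing quote left off.
JAVA_SOURCE = r'(\\s)*((ht|f)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\*\\(\\)]*(\\s)*'
CONFIG_XML = r'(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&;:\-_~,\?=/!\*\(\)]*(\s)*'

# Classic single-character escapes of a Java string literal (octal escapes not handled here).
_SIMPLE = {'b': '\b', 't': '\t', 'n': '\n', 'f': '\f', 'r': '\r',
           '"': '"', "'": "'", '\\': '\\'}


def java_literal_value(src: str) -> str:
    """Return the runtime String produced by the body of a Java string literal."""
    out, i = [], 0
    while i < len(src):
        ch = src[i]
        if ch != '\\':
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(src):
            raise ValueError("dangling backslash at end of literal")
        nxt = src[i + 1]
        if nxt == 'u':                      # \uXXXX unicode escape
            out.append(chr(int(src[i + 2:i + 6], 16)))
            i += 6
        elif nxt in _SIMPLE:                # e.g. \\ becomes one backslash
            out.append(_SIMPLE[nxt])
            i += 2
        else:                               # not a valid escape in this set
            raise ValueError(f"illegal escape \\{nxt} at offset {i}")
    return ''.join(out)


def first_difference(a: str, b: str):
    """Index of the first differing character, or None when the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    effective = java_literal_value(JAVA_SOURCE)
    pos = first_difference(effective, CONFIG_XML)
    print("regex the Java literal hands to the regex engine:", effective)
    print("identical to the config.xml text" if pos is None
          else f"first difference at offset {pos}")
```

In a Java string literal each `\\` yields a single backslash in the runtime String, so the unescaped value is the text to set against the XML attribute.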