[
https://issues.apache.org/jira/browse/SLING-7476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355516#comment-16355516
]
Robert Munteanu commented on SLING-7476:
----------------------------------------
This is a configuration issue. 200,000 bytes is the default size, as defined in
https://github.com/apache/sling-org-apache-sling-xss/blob/4c118bd1457e1f9f7a04e965eadcf2b4494cee4c/src/main/resources/SLING-INF/content/config.xml#L27
. Changing the value to 300,000 makes the test pass, so there isn't really
anything to change in the code here.
> XSSAPI.filterHTML() fails if source > 200k
> ------------------------------------------
>
> Key: SLING-7476
> URL: https://issues.apache.org/jira/browse/SLING-7476
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.0.4
> Reporter: Tobias Bocanegra
> Priority: Major
>
> when filtering a source that is larger than 200k, the xss api fails with:
> {noformat}
> java.lang.RuntimeException: Unable to scan input
> at
> org.apache.sling.xss.impl.HtmlToHtmlContentContext.filter(HtmlToHtmlContentContext.java:73)
> at
> org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:190)
> at
> org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:123)
> at org.apache.sling.xss.impl.XSSAPIImpl.filterHTML(XSSAPIImpl.java:466)
> at
> org.apache.sling.xss.impl.XSSAPIImplTest.testFilterLargeHTML(XSSAPIImplTest.java:223)
> {noformat}
> Test:
> {code}
> @Test
> public void testFilterLargeHTML() {
> final int SIZE = 210000;
> StringBuilder b = new StringBuilder(SIZE);
> while (b.length() < SIZE) {
> b.append("Lorem ipsum dolor sit amet, consectetur adipiscing
> elit. Donec at enim et dui egestas accumsan amet.");
> }
> String source = b.toString();
> TestCase.assertEquals("Filtering large source", source,
> xssAPI.filterHTML(source));
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
