[
https://issues.apache.org/jira/browse/SLING-7476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355621#comment-16355621
]
Tobias Bocanegra commented on SLING-7476:
-----------------------------------------
well, this is a limitation of the underlying library, which can't be configured
via OSGi config.
I'm ok with that, since it's insane to have such long strings :-)
but the error is a bit misleading. I would expect:
- either an IllegalArgumentException that explains why it fails
- or better, the text being truncated to the limit.
> XSSAPI.filterHTML() fails if source > 200k
> ------------------------------------------
>
> Key: SLING-7476
> URL: https://issues.apache.org/jira/browse/SLING-7476
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.0.4
> Reporter: Tobias Bocanegra
> Priority: Major
>
> when filtering a source that is larger than 200k, the xss api fails with:
> {noformat}
> java.lang.RuntimeException: Unable to scan input
> at
> org.apache.sling.xss.impl.HtmlToHtmlContentContext.filter(HtmlToHtmlContentContext.java:73)
> at
> org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:190)
> at
> org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:123)
> at org.apache.sling.xss.impl.XSSAPIImpl.filterHTML(XSSAPIImpl.java:466)
> at
> org.apache.sling.xss.impl.XSSAPIImplTest.testFilterLargeHTML(XSSAPIImplTest.java:223)
> {noformat}
> Test:
> {code}
> @Test
> public void testFilterLargeHTML() {
> final int SIZE = 210000;
> StringBuilder b = new StringBuilder(SIZE);
> while (b.length() < SIZE) {
> b.append("Lorem ipsum dolor sit amet, consectetur adipiscing
> elit. Donec at enim et dui egestas accumsan amet.");
> }
> String source = b.toString();
> TestCase.assertEquals("Filtering large source", source,
> xssAPI.filterHTML(source));
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
