[
https://issues.apache.org/jira/browse/SLING-9613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu updated SLING-9613:
--------------------------------
Description:
Attempting to filter the following HTML snippet results in a
{{StackOverflowError}}:
{code:html}
<a
href="https://google.com/t/r/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";>
Click here to access replay webcast</a>
{code}
{code:java}
java.lang.StackOverflowError
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3939)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
at
java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
at
java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
at
java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4306)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3940)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
...
{code}
was:
The regex patterns defined in AntiSamy's configuration file can throw a
StackOverflowError for long URLs (1700 characters or more).
{code:java}
Caused by: java.lang.StackOverflowError
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at
java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3951)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at
java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791)
at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850)
at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700)
at
java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927)
{code}
> java.lang.StackOverflowError in XSSFilterImpl.filter for long URLs
> ------------------------------------------------------------------
>
> Key: SLING-9613
> URL: https://issues.apache.org/jira/browse/SLING-9613
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.0.8, XSS Protection API 2.0.10, XSS
> Protection API 2.0.12, XSS Protection API 2.0.14, XSS Protection API 2.1.0,
> XSS Protection API 2.1.6, XSS Protection API 2.1.8
> Reporter: Antonio Sanso
> Assignee: Radu Cotescu
> Priority: Major
>
> Attempting to filter the following HTML snippet results in a
> {{StackOverflowError}}:
> {code:html}
> <a
> href="https://google.com/t/r/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";>
> Click here to access replay webcast</a>
> {code}
> {code:java}
> java.lang.StackOverflowError
> at
> java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3939)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> at
> java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at
> java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at
> java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3964)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4941)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)
> at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)
> at
> java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4306)
> at
> java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3940)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4749)
> at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4804)
> ...
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
