Build failed in Jenkins: sling-trunk-1.5 #1599

2012-02-24 Thread Apache Jenkins Server
See Changes: [thecarlhall] SLING-2427 Escape the resource metadata in HtmlRendererServlet to stop HTML injects via URL. -- [...truncated 18241 lines...] T E S T S --

Build failed in Jenkins: sling-trunk-1.6 #1267

2012-02-24 Thread Apache Jenkins Server
See Changes: [thecarlhall] SLING-2427 Escape the resource metadata in HtmlRendererServlet to stop HTML injects via URL. -- [...truncated 16182 lines...] T E S T S --

[jira] [Resolved] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML

2012-02-24 Thread Carl Hall (Resolved) (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carl Hall resolved SLING-2427. -- Resolution: Fixed Fix Version/s: Servlets Get 2.1.4 Fixed in r1293518 > HtmlRen

[jira] [Updated] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML

2012-02-24 Thread Carl Hall (Updated) (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carl Hall updated SLING-2427: - Description: When using HtmlRendererServlet to return content in an HTML format, it is possible to injec

[jira] [Created] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML

2012-02-24 Thread Carl Hall (Created) (JIRA)
HtmlRendererServlet allows outputting arbitrary HTML Key: SLING-2427 URL: https://issues.apache.org/jira/browse/SLING-2427 Project: Sling Issue Type: Bug Components: Servlets

[jira] [Commented] (SLING-2426) SlingSafeMethodsServlet's default HEAD implementation not completely RFC compliant

2012-02-24 Thread Roy T. Fielding (Commented) (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13216128#comment-13216128 ] Roy T. Fielding commented on SLING-2426: There is no need to fix this. Both Conte

[jira] [Commented] (SLING-2426) SlingSafeMethodsServlet's default HEAD implementation not completely RFC compliant

2012-02-24 Thread Felix Meschberger (Commented) (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13215801#comment-13215801 ] Felix Meschberger commented on SLING-2426: -- Hmm, the problematic sentence is "mig

Re: [ResourceResolver] sling:alias support

2012-02-24 Thread Felix Meschberger
Hi, Am 24.02.2012 um 15:10 schrieb Jeff Young: > Antonio, > > Not quite direct evidence, but probably close enough to act on. The actual evidence is just the code that is built to run to evaluate the alias properties. They are used as a last resort for resolving an URL. Consider a deep and b

[jira] [Updated] (SLING-2426) SlingSafeMethodsServlet's default HEAD implementation not completely RFC compliant

2012-02-24 Thread Boris Pruessmann (Updated) (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Boris Pruessmann updated SLING-2426: Affects Version/s: (was: Servlets Get 2.1.2) API 2.2.0 > Sli

Re: [ResourceResolver] sling:alias support

2012-02-24 Thread Michael Dürig
On 24.2.12 12:48, Jeff Young wrote: Felix, Have we done any profiling to confirm that sling:alias resolution does actually contribute a meaningful percentage? Here is a graph [1] which shows that adding nodes one by one scales linearly in the number of nodes already added. The horizontal

[jira] [Created] (SLING-2426) SlingSafeMethodsServlet's default HEAD implementation not completely RFC compliant

2012-02-24 Thread Boris Pruessmann (Created) (JIRA)
SlingSafeMethodsServlet's default HEAD implementation not completely RFC compliant -- Key: SLING-2426 URL: https://issues.apache.org/jira/browse/SLING-2426 Project: Sling

RE: [ResourceResolver] sling:alias support

2012-02-24 Thread Jeff Young
Antonio, Not quite direct evidence, but probably close enough to act on. +1 BTW: is it the checking for an alias that slows things down, or the resolution of the alias path? If the later, it'd be nice to spit out a warning to the log if we ever find a sling:alias but the configuration is set

Re: [ResourceResolver] sling:alias support

2012-02-24 Thread Antonio Sanso
Hi Jeff On Feb 24, 2012, at 1:48 PM, Jeff Young wrote: > Felix, > > Have we done any profiling to confirm that sling:alias resolution does > actually contribute a meaningful percentage? we have a Jira ticket somehow related [0]. Not profiling though. There is some kind of profiling for vanit

RE: [ResourceResolver] sling:alias support

2012-02-24 Thread Jeff Young
Felix, Have we done any profiling to confirm that sling:alias resolution does actually contribute a meaningful percentage? Jeff. -Original Message- From: Felix Meschberger [mailto:fmesc...@adobe.com] Sent: 24 February 2012 10:13 To: dev@sling.apache.org Subject: [ResourceResolver] sli

Re: [ResourceResolver] sling:alias support

2012-02-24 Thread Antonio Sanso
+1 Antonio On Feb 24, 2012, at 11:12 AM, Felix Meschberger wrote: > Hi all, > > We have had support for sling:alias properties for a long time. This allows > to create URL aliases for example for i18n. Yet, it also creates some > overhead for resolution of non-existing URLs. > > Whenever a

[ResourceResolver] sling:alias support

2012-02-24 Thread Felix Meschberger
Hi all, We have had support for sling:alias properties for a long time. This allows to create URL aliases for example for i18n. Yet, it also creates some overhead for resolution of non-existing URLs. Whenever an URL cannot directly be resolved it is split in segments and the resource tree is w