[ https://issues.apache.org/jira/browse/SLING-11111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17486537#comment-17486537 ]
Robert Munteanu commented on SLING-11111:
-----------------------------------------

I created a draft PR at https://github.com/apache/sling-org-apache-sling-xss/pull/14, but we need to discuss how to address the new warnings that are emitted

{noformat}
03.02.2022 15:37:05.472 *WARN* [Apache Sling Repository Startup Thread #1] org.owasp.validator.html.Policy The directive "noopenerAndNoreferrerAnchors" is not enabled by default. It is recommended to enable it to prevent reverse tabnabbing attacks.
03.02.2022 15:37:05.516 *WARN* [Apache Sling Repository Startup Thread #1] org.owasp.validator.html.Policy The directive "noopenerAndNoreferrerAnchors" is not enabled by default. It is recommended to enable it to prevent reverse tabnabbing attacks.
{noformat}

> Update to AntiSamy 1.6.5
> ------------------------
>
>                 Key: SLING-11111
>                 URL: https://issues.apache.org/jira/browse/SLING-11111
>             Project: Sling
>          Issue Type: Improvement
>          Components: XSS Protection API
>            Reporter: Robert Munteanu
>            Assignee: Robert Munteanu
>            Priority: Major
>             Fix For: XSS Protection API 2.2.20
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There is a new release of AntiSamy, which has changed the way XML Transformer Factory is looked up. We should investigate if this is a viable change for us, since it uses system properties.
> See [AntiSamy commit 7ff740de|https://github.com/nahsra/antisamy/commit/7ff740de5cd3577c49aca61c985f376de9f8884c] and [AntiSamy issue 103|https://github.com/nahsra/antisamy/issues/103].

--
This message was sent by Atlassian Jira (v8.20.1#820001)