sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans-Peter Stoerr (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SLING-8404) Provide an API-JAR for the XSS Protection API
Date Tue, 07 May 2019 10:43:00 GMT
Hans-Peter Stoerr created SLING-8404:
----------------------------------------

             Summary: Provide an API-JAR for the XSS Protection API
                 Key: SLING-8404
                 URL: https://issues.apache.org/jira/browse/SLING-8404
             Project: Sling
          Issue Type: Improvement
          Components: XSS Protection API
    Affects Versions: XSS Protection API 2.0.12, XSS Protection API 2.1.8
            Reporter: Hans-Peter Stoerr


The JAR for the org.apache.sling.xss exports only one package, org.apache.sling.xss, but embeds
loads of dependencies it does not export with OSGI. If one needs this as a maven dependency,
you get all that unwanted stuff in your classpath. In our case it even produced very puzzling
compile errors, sinceĀ org.apache.sling.xss included commons-beanutils version 1.7.0, and
we used a new method from version 1.8.3.

So, could you please provide an API jar that only contains the org.apache.sling.xss package?
It's interface is so simple that this wouldn't have many dependencies.

In case someone else has that problem: we worked around that for now by setting org.apache.sling.xss
to optional and explicitly importing it only where that's actually needed in the code. Thus,
at least it does not mess up the classpaths of the artefacts further down the dependency chain;
sometimes it had to be included in test scope, though.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message