sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Radu Cotescu (Jira)" <j...@apache.org>
Subject [jira] [Created] (SLING-8866) Add reporting info in the XSS Protection API bundle
Date Fri, 29 Nov 2019 11:20:00 GMT
Radu Cotescu created SLING-8866:
-----------------------------------

             Summary: Add reporting info in the XSS Protection API bundle
                 Key: SLING-8866
                 URL: https://issues.apache.org/jira/browse/SLING-8866
             Project: Sling
          Issue Type: Improvement
          Components: XSS Protection API
            Reporter: Radu Cotescu
             Fix For: XSS Protection API 2.2.0


The XSS Protection API should be enhanced to provide some reporting about invalid URLs in
order to allow operators of a Sling instance to monitor the state of the system (e.g. incorrect
AntiSamy configurations, attacks, DOS attempts, etc.).

The following ideas should be taken into consideration:
# add last X blocked expressions to the Sling XSS Web Console page
# generate blocked metrics, based on configurable paths, e.g. {{/libs}}, {{/apps}}, {{/content}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message