sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Norman (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SLING-10158) XSSFilter fails with a classloading error with the TreeWalker class
Date Thu, 25 Feb 2021 18:27:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-10158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291129#comment-17291129
] 

Eric Norman commented on SLING-10158:
-------------------------------------

[~radu] Not a problem.  I noticed the troubles right away after switching.  Perhaps it
would be worth it to add some simple integration tests so things like this would be detected
without manual testing.

> XSSFilter fails with a classloading error with the TreeWalker class
> -------------------------------------------------------------------
>
>                 Key: SLING-10158
>                 URL: https://issues.apache.org/jira/browse/SLING-10158
>             Project: Sling
>          Issue Type: Bug
>    Affects Versions: XSS Protection API 2.2.10
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: XSS Protection API 2.2.12
>
>
> After switching to xss v2.2.10 many pages fail with a classloading exception regarding
the org.apache.xml.serializer.TreeWalker class
> For example, the composium browser at [http://localhost:8080/bin/browser.html] fails
with this error:
> {noformat}
> org/apache/xml/serializer/TreeWalker (500)
> The requested URL /bin/browser.html resulted in an error in /libs/composum/nodes/browser/browser.jsp.
> Exception:
> java.lang.NoClassDefFoundError: org/apache/xml/serializer/TreeWalker
>     at org.apache.xalan.processor.TransformerFactoryImpl.newTransformer(TransformerFactoryImpl.java:818)
>     at org.owasp.validator.html.scan.AntiSamySAXScanner.getNewTransformer(AntiSamySAXScanner.java:178)
>     at org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:133)
>     at org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:107)
>     at org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:89)
>     at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:129)
>     at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:75)
>     at org.apache.sling.xss.impl.HtmlToHtmlContentContext.getCleanResults(HtmlToHtmlContentContext.java:98)
>     at org.apache.sling.xss.impl.HtmlToHtmlContentContext.filter(HtmlToHtmlContentContext.java:68)
>     at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:200)
>     at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:194)
>     at com.composum.sling.core.util.XSS.filter(XSS.java:282)
>     at com.composum.sling.core.util.ConsoleUtil.getConsoleResource(ConsoleUtil.java:31)
>     at com.composum.sling.core.AbstractServletBean.initialize(AbstractServletBean.java:33)
>     at com.composum.sling.core.BeanContext$AbstractContext.tryToInstantiateSlingBean(BeanContext.java:266)
>     at com.composum.sling.core.BeanContext$AbstractContext.adaptTo(BeanContext.java:246)
>     at com.composum.sling.core.BeanContext$Page.adaptTo(BeanContext.java:571)
>     at com.composum.sling.cpnl.ComponentTag.createComponent(ComponentTag.java:220)
>     at com.composum.sling.cpnl.ComponentTag.doStartTag(ComponentTag.java:73)
>     at org.apache.jsp.libs.composum.nodes.browser.browser__002e__jsp._jspService(browser__002e__jsp.java:112)
>     at org.apache.sling.scripting.jsp.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
>     at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:496)...
> {noformat}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message