Highlighted

Policy parameter in com.adobe.granite.xss.XSSFilterImpl check method

Avatar

Avatar

umashankar_d

Avatar

umashankar_d

umashankar_d

29-10-2017

Hello Members,

I am basically trying to check for XSS policy violations by scanning a particular request parameter passed to the "check" method [with definition: check(ProtectionContext var1, String var2, String var3)] in the com.adobe.granite.xss.XSSFilterImpl implementation, and trying to check that parameter against a particular regex pattern. By looking deeper into the XSSFilterImpl check method definition, I found that the third parameter  of the "check" method is regarding a policy - the name/path of the policy to use. Can anyone please provide me more information regarding the policy, and the way by which I can pass my custom policy to check for XSS policy violations?

Thanks,

Umashankar

Replies

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

30-10-2017

I am checking internally  - this is a very rare question and there is no docs on this.

Highlighted

Avatar

Avatar

umashankar_d

Avatar

umashankar_d

umashankar_d

30-10-2017

Exactly, Mac. Even I tried to look into the API documentation and all other descriptive texts, but couldn't find any information about this. I even tried to pass the regex pattern as the policy parameter to the "check" method, but that didn't seem to work.

Avatar

Avatar

umashankar_d

Avatar

umashankar_d

umashankar_d

02-11-2017

Did you find any assistive docs pertaining to this?

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

02-11-2017