Policy parameter in com.adobe.granite.xss.XSSFilterImpl check method

umashankar_d

29-10-2017

Hello Members,

I am basically trying to check for XSS policy violations by scanning a particular request parameter passed to the "check" method [with definition: check(ProtectionContext var1, String var2, String var3)] in the com.adobe.granite.xss.XSSFilterImpl implementation, and trying to check that parameter against a particular regex pattern. By looking deeper into the XSSFilterImpl check method definition, I found that the third parameter of the "check" method is regarding a policy - the name/path of the policy to use. Can anyone please provide me more information regarding the policy, and the way by which I can pass my custom policy to check for XSS policy violations?

Thanks,

Umashankar

Replies

smacdonald2008

30-10-2017

I am checking internally - this is a very rare question and there are no docs on this.

umashankar_d

30-10-2017

Exactly, Mac. Even I tried to look into the API documentation and all other descriptive texts, but couldn't find any information about this. I even tried to pass the regex pattern as the policy parameter to the "check" method, but that didn't seem to work.

umashankar_d

02-11-2017

Did you find any assistive docs pertaining to this?

smacdonald2008

02-11-2017