Adobe Experience Manager Sites & More

umashankar_d · 10/29/17

Hello Members,

I am basically trying to check for XSS policy violations by scanning a particular request parameter passed to the "check" method [with definition: check(ProtectionContext var1, String var2, String var3)] in the com.adobe.granite.xss.XSSFilterImpl implementation, and trying to check that parameter against a particular regex pattern. By looking deeper into the XSSFilterImpl check method definition, I found that the third parameter of the "check" method is regarding a policy - the name/path of the policy to use. Can anyone please provide me more information regarding the policy, and the way by which I can pass my custom policy to check for XSS policy violations?

Thanks,

Umashankar

smacdonald2008 · 10/30/17

I am checking internally - this is a very rare question and there is no docs on this.

umashankar_d · 10/30/17

Exactly, Mac. Even I tried to look into the API documentation and all other descriptive texts, but couldn't find any information about this. I even tried to pass the regex pattern as the policy parameter to the "check" method, but that didn't seem to work.

umashankar_d · 11/2/17

Did you find any assistive docs pertaining to this?

smacdonald2008 · 11/2/17

Only Javadocs - com.adobe.granite.xss ("The Adobe AEM Quickstart and Web Application.")

Adobe Experience Manager Sites & More

Policy parameter in com.adobe.granite.xss.XSSFilterImpl check method

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe