Policy parameter in com.adobe.granite.xss.XSSFilterImpl check method

Level 2

Hello Members,

I am basically trying to check for XSS policy violations by scanning a particular request parameter passed to the `check` method [with definition: `check(ProtectionContext var1, String var2, String var3)`] in the `com.adobe.granite.xss.XSSFilterImpl` implementation, and trying to check that parameter against a particular regex pattern. By looking deeper into the `XSSFilterImpl` `check` method definition, I found that the third parameter of the `check` method is regarding a policy - the name/path of the policy to use. Can anyone please provide me more information regarding the policy, and the way by which I can pass my custom policy to check for XSS policy violations?

Thanks,

Umashankar

4 Replies

Level 10

I am checking internally - this is a very rare question and there are no docs on this.

Level 2

Exactly, Mac. Even I tried to look into the API documentation and all other descriptive texts, but couldn't find any information about this. I even tried to pass the regex pattern as the policy parameter to the "check" method, but that didn't seem to work.

Level 2

Did you find any assistive docs pertaining to this?