In AEM 6.2 com.adobe.granite.xss.XSSAPI is deprecated and use of org.apache.sling.xss.XSSAPI is suggested, however cq:defineObjects in http://www.day.com/taglibs/cq/1.0 still uses the deprecated one.
Is there any new taglib version which i need to use in my global.jsp?
Check this community article :-
// This covers simple JSP EL functions for XSS protection using the XSSAPI service provided by AEM.
Add taglib declaration: <%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
%><%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
I hope this would help you.
How about adapting the sling request to org.apache.sling.xss.XSSAPI?
import org.apache.sling.xss.XSSAPI; import org.apache.sling.api.SlingHttpServletRequest; // (...) // request is an instance of SlingHttpServletRequest XSSAPI xssapi = request.adaptTo(XSSAPI.class); String encodedAttr = xssapi.encodeForHTMLAttr(someUnsafeValue);
I believe I've seen something similar in XSSRuntimeExtension.obtainAPI().
We are currently using ACS commons deprecated taglib. The only solution I can think is of creating a custom tag library(for the time being we are having JSPs) exposing all methods as ACS taglib but using Sling XSSAPI internally. It will require change in only global.jsp. Also HTL global object xssAPI is of deprecated XSSAPI as mentioned here : https://helpx.adobe.com/experience-manager/htl/using/global-objects.html