Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

XssApi is null - 6.5

Avatar

Avatar
Validate 1
Level 3
sdouglasmc
Level 3

Likes

22 likes

Total Posts

83 posts

Correct Reply

4 solutions
Top badges earned
Validate 1
Give Back
Ignite 1
Boost 5
Boost 3
View profile

Avatar
Validate 1
Level 3
sdouglasmc
Level 3

Likes

22 likes

Total Posts

83 posts

Correct Reply

4 solutions
Top badges earned
Validate 1
Give Back
Ignite 1
Boost 5
Boost 3
View profile
sdouglasmc
Level 3

28-10-2019

I'm going through an upgrade from 6.3 to the latest 6.5.  In the code there are lines to get a reference to the XssApi:

import org.apache.sling.xss.XSSAPI;

this.xssAPI = this.resource.getResourceResolver().adaptTo(XSSAPI.class);

The problem is... xssAPI is "null".  I've tried referencing it as well with no luck:

@Reference

private XSSAPI xssAPI;

Has anyone else come across this issue?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 3
Level 1
Masoud_Rozati
Level 1

Likes

3 likes

Total Posts

5 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 1
Masoud_Rozati
Level 1

Likes

3 likes

Total Posts

5 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile
Masoud_Rozati
Level 1

28-10-2019

I had the same issue with adapting sling XSSAPI. If you use the (meanwhile deprecated) com.adobe.granite.xss.XSSAPI it can be adapted without any problem. You can also adapt it right from sling request.

Answers (3)

Answers (3)

Avatar

Avatar
Give Back 5
Level 2
vijkumar
Level 2

Likes

15 likes

Total Posts

21 posts

Correct Reply

4 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back
Boost 5
Boost 3
View profile

Avatar
Give Back 5
Level 2
vijkumar
Level 2

Likes

15 likes

Total Posts

21 posts

Correct Reply

4 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back
Boost 5
Boost 3
View profile
vijkumar
Level 2

05-05-2020

@aemdevn @Masoud_Rozati @sdouglasmc 

So this is what has changed and the reason it is failing now, in AEM 6.3 the 'com.adobe.granite.xssprotection' bundle wraps the 'org.apache.sling.xss' bundle and exposes its API with two versions:

  • 1.2.0
  • 2.0.1

In AEM 6.5 the decision by our R&D team was taken to update the 'org.apache.sling.xss' API version to 2.0.1 only. Since now the 'org.apache.sling.xss' bundle allows configuring from where the AntiSamy policy is read, this essentially removes the need for the bundle to be wrapped by the Granite API. Thus now in AEM 6.5 'com.adobe.granite.xssprotection' bundle does not wraps the 'org.apache.sling.xss' bundle. The 'org.apache.sling.xss' bundle is now provided as a individual bundle in AEM 6.5.


As an affect of this change, the classes or scripts referring XSSAPI should be adapted in order to get their 'org.apache.sling.xss.XSSAPI' reference through OSGi dependency injection. Something like [1] should be used in place of [2].


If this is not possible, then the deprecated com.adobe.granite.xss.XSSAPI should be used.

[1]

import org.apache.felix.scr.annotations.Reference;
...

@Reference
private XSSAPI xssAPI;

[2]

XSSAPI xssAPI = request.adaptTo(XSSAPI.class);

AEM6.3AEM6.3AEM6.5AEM6.5AEM6.5AEM6.5

Avatar

Avatar
Validate 1
Level 1
aemdevn
Level 1

Likes

0 likes

Total Posts

2 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
aemdevn
Level 1

Likes

0 likes

Total Posts

2 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
aemdevn
Level 1

02-01-2020

Hi @sdouglasmc 

Experienced the same issue after upgrading to 6.5...

I was using getRequest().adaptTo(org.apache.sling.xss.XSSAPI.class).getValidJSON("data", null) in 6.4.

It failed with an NPE  on getRequest().adaptTo(org.apache.sling.xss.XSSAPI.class);

Some one in https://stackoverflow.com/ gave the idea of using the service from the java class. 

so ended up coding this way:

getSlingScriptHelper().getService(org.apache.sling.xss.XSSAPI.class).getValidJSON(sdProp.toString(), null);

(Im using this from an Use java class)

Mentioning this here, in case this is useful for someones situation..

Thanks for asking the question here.

 

 

Avatar

Avatar
Validate 1
Level 3
sdouglasmc
Level 3

Likes

22 likes

Total Posts

83 posts

Correct Reply

4 solutions
Top badges earned
Validate 1
Give Back
Ignite 1
Boost 5
Boost 3
View profile

Avatar
Validate 1
Level 3
sdouglasmc
Level 3

Likes

22 likes

Total Posts

83 posts

Correct Reply

4 solutions
Top badges earned
Validate 1
Give Back
Ignite 1
Boost 5
Boost 3
View profile
sdouglasmc
Level 3

28-10-2019

Yeah, I tried that and it works just fine.  It's just really odd that it will actually work in 6.3 and not 6.5.  Crazy you have to "revert" for a newer version of AEM.