How to configure antisamy in cq 5.5?


Problem description

I have a cq 5.5 project.

I want to prevent XSS attacks.

According to this link, cq provides integration with the AntiSamy project.

Please provide concrete steps for integration with AntiSamy because I really cannot find it.

Should I write code like this somewhere?

import org.owasp.validator.html.*;

Policy policy = Policy.getInstance(POLICY_FILE_LOCATION);

AntiSamy as = new AntiSamy();
CleanResults cr = as.scan(dirtyInput, policy);

MyUserDAO.storeUserProfile(cr.getCleanHTML()); // some custom function


Recommended answer

The XSS protection mechanism offered by CQ is already based on the AntiSamy Project. You only need to provide your custom antisamy configuration, in case the default configuration doesn't suit your needs.

The default antisamy configuration is present at /libs/cq/xssprotection/config.xml, which can be overlaid with your custom config within /apps.

You can make use of the XSS Protection API available in CQ, to protect your website from security attacks. The XSSAPI and the XSSFilter classes provide various methods to validate the given values.

The xssAPI is available as an implicit object on inclusion of /libs/foundation/global.jsp, whereas the XSSFilter can be obtained and used as shown below.

XSSFilter xssFilter = sling.getService(XSSFilter.class);
String filteredString = xssFilter.filter(ProtectionContext.HTML_HTML_CONTENT,
                            dirtyInput, POLICY_FILE_LOCATION); 

You can find some predefined policy files and steps to create a new configuration here.

Update:

In case you do not want to use the XSS API, then you need to have the owasp esapi bundle installed in your instance, and then you can use the code mentioned in the question.
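
The implicit xssAPI object described in the answer, used per output context in a component JSP. This is an added example, not code from the original answer or from CQ itself; the property names (jcr:title, linkURL, text) and the cols request parameter are hypothetical, and the method names are those of the com.adobe.granite.xss.XSSAPI interface.

```jsp
<%@include file="/libs/foundation/global.jsp"%><%
    // global.jsp supplies the implicit objects "xssAPI" and "properties".
    // The property and parameter names below are hypothetical sample content.
    String title   = properties.get("jcr:title", "");
    String linkUrl = properties.get("linkURL", "");
    String rich    = properties.get("text", "");
    String cols    = request.getParameter("cols");
%>
<%-- HTML element content: encode so markup characters are rendered as text --%>
<h2><%= xssAPI.encodeForHTML(title) %></h2>

<%-- URL attribute: getValidHref drops schemes such as javascript: --%>
<%-- Plain attribute value: encodeForHTMLAttr stops the value escaping its quotes --%>
<a href="<%= xssAPI.getValidHref(linkUrl) %>"
   title="<%= xssAPI.encodeForHTMLAttr(title) %>">Read more</a>

<%-- Rich text that must keep its markup: filterHTML applies the AntiSamy
     policy in effect (the default config, or the overlay under /apps) --%>
<div class="text"><%= xssAPI.filterHTML(rich) %></div>

<script>
    // JavaScript string literal: needs its own encoder, HTML encoding is not enough here
    var componentTitle = "<%= xssAPI.encodeForJSString(title) %>";
    // Numeric value from the request: falls back to 2 when the input is not an integer
    var columns = <%= xssAPI.getValidInteger(cols, 2) %>;
</script>
```

Only filterHTML goes through the AntiSamy policy; the encodeFor* and getValid* methods are context encoders and validators, so a custom policy overlay does not change their output.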
