Hi ronald ploeger,
xssAPI, on top of ESAPI, takes care of CQ-specific things like escaping non-URL characters in paths, etc. Additionally, in the future it might change/add an additional library apart from ESAPI; for these reasons the xssAPI API is made available rather than exposing the ESAPI taglib.
Thanks for your answer. I see.
I guess it would be good to have a CQ-specific taglib similar to the one provided by ESAPI. This would enable developers to keep JSPs clean of scriptlets and enable them to use expression language, e.g.
There is already a supporting tag library for XSS protection. An example to apply policy to an HTML source string to clean it up is .
A document request has already been placed. Some of the functionality you are looking for might be missing. Please file a Daycare ticket with a business case.
<%@ taglib uri="http://www.day.com/taglibs/cq/xss/1.0" prefix="cqxss" %>
<cqxss:out><%= attributename %></cqxss:out>