Large message size causing error with xssAPI.filterHTML in AEM 6.1?

 

Question: After a batch import, we get the following error in /libs/cq/gui/components/endor/badge/badge.jsp, which prevented the touch UI from completely loading the authoring page:

    java.lang.RuntimeException: Unable to scan input
        at org.apache.sling.xss.impl.HtmlToHtmlContentContext.filter(HtmlToHtmlContentContext.java:71)
        at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:183)
        at org.apache.sling.xss.impl.XSSFilterImpl.filter(XSSFilterImpl.java:87)
        at org.apache.sling.xss.impl.XSSAPIImpl.filterHTML(XSSAPIImpl.java:332)
        at com.adobe.granite.xss.impl.XSSAPIImpl.filterHTML(XSSAPIImpl.java:101)
        at org.apache.jsp.apps.cq.gui.components.endor.badge.badge_jsp._jspService(badge_jsp.java:821)
        at org.apache.sling.scripting.jsp.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

Answer: The XSS API in AEM uses the AntiSamy API to filter HTML. AntiSamy is configured with an XML file, also known as the AntiSamy rules. In AEM 6.1 the rules are configured in the SLING-INF.content/config.xml file inside com.day.cq.cq-xssprotection-5.5.24.jar. According to that configuration, the maximum input size allowed is 200000 bytes, which is lower than the size of the input you are passing, and that is why you see this exception.

    <directives>
        <directive name="omitXmlDeclaration" value="true"/>
        <directive name="omitDoctypeDeclaration" value="true"/>
        <directive name="maxInputSize" value="200000"/>
        <directive name="useXHTML" value="true"/>
        <directive name="formatOutput" value="true"/>
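One way to keep a component from failing on oversized input is to check the size before calling filterHTML and to fall back to HTML encoding, which renders the value as literal text instead of passing it through AntiSamy. The following is an added example, not code from AEM or from the original post; the class name SizeAwareHtmlFilter is hypothetical, and the limit is the maxInputSize value quoted above.

```java
import org.apache.sling.xss.XSSAPI;

/**
 * Added example (not AEM product code): guards XSSAPI.filterHTML against
 * input larger than the AntiSamy maxInputSize directive.
 */
public final class SizeAwareHtmlFilter {

    // Value of the maxInputSize directive quoted above. It is compared with
    // String.length() here, which is an assumption about how the limit is measured.
    private static final int MAX_INPUT_SIZE = 200000;

    private final XSSAPI xssAPI;

    public SizeAwareHtmlFilter(XSSAPI xssAPI) {
        this.xssAPI = xssAPI;
    }

    /**
     * Returns markup that is safe to write into an HTML context.
     * Oversized or unscannable input is HTML-encoded rather than filtered, so
     * it shows up as literal text; the raw value is never returned.
     */
    public String filter(String html) {
        if (html == null || html.isEmpty()) {
            return "";
        }
        if (html.length() > MAX_INPUT_SIZE) {
            // Too large for the filter: fail closed by encoding everything.
            return xssAPI.encodeForHTML(html);
        }
        try {
            return xssAPI.filterHTML(html);
        } catch (RuntimeException e) {
            // For example "Unable to scan input", as in the stack trace above.
            return xssAPI.encodeForHTML(html);
        }
    }
}
```

The fallback must always be an encoding call, never the unfiltered string, otherwise the size limit becomes a way to bypass the XSS filter.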
