private boolean runHrefValidation()

in src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java [257:283]


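    /**
     * Checks a URL against the {@code href} attribute rules and records a rejection.
     *
     * <p>The lower-cased URL is accepted if {@code hrefAttribute.containsAllowedValue} or
     * {@code hrefAttribute.matchesAllowedExpression} accepts it. If expression matching
     * throws a {@link StackOverflowError}, the same two checks are repeated against
     * {@code FALLBACK_HREF_ATTRIBUTE}. If the fallback overflows as well, the URL is
     * treated as invalid, so the method fails closed.
     *
     * @param url the URL to validate; must not be {@code null}
     * @return {@code true} if the primary or the fallback rules accept the URL,
     *         {@code false} otherwise
     */
    private boolean runHrefValidation(@NotNull String url) {
        // Same logic as in org.owasp.validator.html.scan.MagicSAXFilter.startElement()
        // Lower-case with a fixed locale: the no-argument toLowerCase() uses the JVM default
        // locale (e.g. under tr-TR 'I' becomes dotless 'ı'), which would make the outcome of
        // this security check depend on where the server happens to run.
        String urlLowerCase = url.toLowerCase(java.util.Locale.ROOT);
        boolean isValid = hrefAttribute.containsAllowedValue(urlLowerCase);
        if (!isValid) {
            try {
                isValid = hrefAttribute.matchesAllowedExpression(urlLowerCase);
            } catch (StackOverflowError e) {
                // Regex matching overflowed the stack on this input; retry with the fallback
                // attribute instead of letting the Error propagate to the caller.
                // NOTE(review): url is the unmodified input and is written to the log as-is;
                // confirm the log layout neutralises control characters.
                logger.debug(
                        "Detected a StackOverflowError when validating url {} with configured regexes. Trying fallback.",
                        url);
                try {
                    isValid = FALLBACK_HREF_ATTRIBUTE.containsAllowedValue(urlLowerCase);
                    if (!isValid) {
                        isValid = FALLBACK_HREF_ATTRIBUTE.matchesAllowedExpression(urlLowerCase);
                    }
                } catch (StackOverflowError inner) {
                    // Fail closed: isValid keeps its current value, so the URL is rejected
                    // unless the fallback literal check had already accepted it.
                    logger.debug("Detected a StackOverflowError when validating url {} with fallback regexes", url);
                }
            }
        }
        if (!isValid) {
            statusService.reportInvalidUrl(url);
            // Optional.ofNullable reads the metricsService field exactly once, so a reference
            // that is absent (or goes away) cannot cause a NullPointerException here.
            Optional.ofNullable(metricsService).ifPresent(service -> service.invalidHref());
        }
        return isValid;
    }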