in src/main/java/org/apache/sling/xss/impl/webconsole/XSSProtectionAPIWebConsolePlugin.java [178:208]
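/**
 * Writes the AntiSamy configuration tab of the web console plugin to the response.
 *
 * <p>The output consists of the script and stylesheet references for the tab, a status line
 * saying whether the active policy is the embedded default or was loaded from a path, a
 * download button, and the active policy configuration inside a {@code <pre>} element.
 * Nothing is written when the filter reports no active policy.
 *
 * <p>Every value that is not a fixed literal is HTML-encoded before it is written: the policy
 * path as well as the policy contents. A console page that renders stored configuration
 * verbatim would otherwise let markup in that configuration run in an administrator's session.
 *
 * @param consoleRoot the web console root, prepended to the plugin's resource URIs
 * @param response    the servlet response whose writer receives the markup
 */
private void writeAntiSamyConfiguration(String consoleRoot, HttpServletResponse response) {
    response.setContentType("text/html");
    XSSFilterImpl xssFilterImpl = (XSSFilterImpl) xssFilter;
    XSSFilterImpl.AntiSamyPolicy antiSamyPolicy = xssFilterImpl.getActivePolicy();
    if (antiSamyPolicy == null) {
        return;
    }
    try {
        // The writer belongs to the servlet container, so it is not closed here.
        PrintWriter printWriter = response.getWriter();
        // NOTE(review): consoleRoot is interpolated as-is into SCRIPT_TAG / LINK_TAG, whose
        // templates are defined outside this method. Confirm that it is container-derived or
        // encoded for the attribute context those templates use.
        printWriter.printf(SCRIPT_TAG, consoleRoot + RES_URI_CONFIG_JS);
        printWriter.write("<div id='config'>");
        printWriter.printf(LINK_TAG, consoleRoot + RES_URI_PRETTIFY_CSS);
        printWriter.printf(SCRIPT_TAG, consoleRoot + RES_URI_PRETTIFY_JS);
        printWriter.write("<p class='statline ui-state-highlight'>The current AntiSamy configuration ");
        if (antiSamyPolicy.isEmbedded()) {
            printWriter.write("is the default one embedded in the org.apache.sling.xss bundle.");
        } else {
            // The path is data, not markup: encode it like the policy contents below.
            // String.valueOf keeps the original "%s" rendering for a null path.
            printWriter.printf(
                    "is loaded from %s.",
                    StringEscapeUtils.escapeHtml4(String.valueOf(antiSamyPolicy.getPath())));
        }
        printWriter.write(
                "<button style='float:right' type='button' id='download-config'>Download</button></p>");
        printWriter.write("<pre class='prettyprint linenums'>");
        // Buffer the policy first so that it can be HTML-encoded as a whole before output.
        ByteArrayOutputStream configStream = new ByteArrayOutputStream();
        xssFilterImpl.writeActivePolicyConfig(configStream);
        String contents = new String(configStream.toByteArray(), StandardCharsets.UTF_8);
        printWriter.write(StringEscapeUtils.escapeHtml4(contents));
        printWriter.write("</pre>");
        printWriter.write("</div>");
    } catch (IOException e) {
        // Best effort: a failed render is logged and the tab is left incomplete.
        LOGGER.error("Unable to write the AntiSamy configuration tab.", e);
    }
}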