in src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java [57:82]
public Object call(final RenderContext renderContext, Object... arguments) {
if (arguments.length < 2) {
throw new SightlyException(
String.format("Extension %s requires at least %d arguments", RuntimeExtension.XSS, 2));
}
Object original = arguments[0];
Object option = arguments[1];
Object hint = null;
if (arguments.length >= 3) {
hint = arguments[2];
}
MarkupContext markupContext = null;
if (option instanceof String) {
String name = (String) option;
markupContext = MarkupContext.lookup(name);
}
if (markupContext == MarkupContext.UNSAFE) {
return original;
}
if (markupContext == null) {
LOG.warn("Expression context {} is invalid, expression will be replaced by the empty string", option);
return "";
}
String text = renderContext.getObjectModel().toString(original);
return applyXSSFilter(text, hint, markupContext);
}