private void removeAttributeGuards()

in src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java [256:276]

• 14 lines of code
• 2 McCabe index (conditional complexity)

    private void removeAttributeGuards() {
        try {
            Field guards = HtmlPolicyBuilder.class.getDeclaredField("ATTRIBUTE_GUARDS");

            // although it looks distasteful, the 'sun.misc.Unsafe' approach is the only one that
            // works with Java 8 through 17 .
            Field f = Unsafe.class.getDeclaredField("theUnsafe");
            f.setAccessible(true);
            Unsafe unsafe = (Unsafe) f.get(null);
            
            // required to be able to get the static field base
            unsafe.ensureClassInitialized(HtmlPolicyBuilder.class);
            
            Object fieldBase = unsafe.staticFieldBase(guards);
            long fieldOffset = unsafe.staticFieldOffset(guards);
            unsafe.putObject(fieldBase, fieldOffset, new HashMap<>());

        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(e);
        }
    }