in src/main/java/org/apache/sling/xss/impl/webconsole/XSSProtectionAPIWebConsolePlugin.java [174:204]
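/**
 * Renders the "AntiSamy configuration" tab: a status line saying where the active policy comes
 * from, a download button, and the policy file itself inside a pretty-printed {@code <pre>}.
 *
 * <p>Nothing is written when the filter reports no active policy. An {@link IOException} raised
 * while obtaining the writer or reading the policy is logged and not rethrown.
 *
 * <p>Every policy-derived value (its path and its contents) is HTML-escaped before being written,
 * so that neither can inject markup into the console page.
 *
 * @param consoleRoot prefix prepended to the static resource URIs of this plugin
 * @param response    servlet response the HTML fragment is written to
 */
private void writeAntiSamyConfiguration(String consoleRoot, HttpServletResponse response) {
    // NOTE(review): no charset is set here; the policy is decoded as UTF-8 below, so the
    // response encoding is presumably configured by the surrounding console. Confirm.
    response.setContentType("text/html");
    XSSFilterImpl xssFilterImpl = (XSSFilterImpl) xssFilter;
    XSSFilterImpl.AntiSamyPolicy antiSamyPolicy = xssFilterImpl.getActivePolicy();
    if (antiSamyPolicy == null) {
        return;
    }
    try {
        PrintWriter printWriter = response.getWriter();
        // NOTE(review): consoleRoot is interpolated as-is into the tag templates; presumably it
        // is the container-supplied console root and never request-controlled. Confirm.
        printWriter.printf(SCRIPT_TAG, consoleRoot + RES_URI_CONFIG_JS);
        printWriter.write("<div id='config'>");
        printWriter.printf(LINK_TAG, consoleRoot + RES_URI_PRETTIFY_CSS);
        printWriter.printf(SCRIPT_TAG, consoleRoot + RES_URI_PRETTIFY_JS);
        printWriter.write("<p class='statline ui-state-highlight'>The current AntiSamy configuration ");
        if (antiSamyPolicy.isEmbedded()) {
            printWriter.write("is the default one embedded in the org.apache.sling.xss bundle.");
        } else {
            // The policy path is data, not markup: escape it like the policy contents below.
            printWriter.printf("is loaded from %s.", StringEscapeUtils.escapeHtml4(antiSamyPolicy.getPath()));
        }
        printWriter.write("<button style='float:right' type='button' id='download-config'>Download</button></p>");
        String contents;
        try (InputStream configurationStream = antiSamyPolicy.read()) {
            contents = IOUtils.toString(configurationStream, StandardCharsets.UTF_8);
        }
        printWriter.write("<pre class='prettyprint linenums'>");
        // The policy is XML; escaping keeps it displayed as text instead of parsed as HTML.
        printWriter.write(StringEscapeUtils.escapeHtml4(contents));
        printWriter.write("</pre>");
        printWriter.write("</div>");
    } catch (IOException e) {
        // NOTE(review): if the read fails, the markup already written above is left unclosed.
        LOGGER.error("Unable to write the AntiSamy configuration tab.", e);
    }
}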