ExpressionSecurityValidator (The Adobe Experience Manager SDK 2026.3.25194.20260330T181734Z-260300)

@ProviderType public interface ExpressionSecurityValidator

Service interface for EL expression security validation. This service can be used by other bundles to validate EL expressions for security issues.

The validation process includes checking for:

Configurable denylist patterns (checked first)
Static allowlist for AEM solution expressions
Customer configurable allowlist
Arithmetic expressions that might indicate injection
Dangerous class access patterns

Since:: 5.10.15

Method Summary

Modifier and Type

Method

Description

String

sanitizeExpression(String expression)

Sanitizes an EL expression by removing dangerous content.

void

validateExpression(String expression)

Validates an EL expression for security issues.

Method Details
- validateExpression
  
  void validateExpression(String expression) throws ELException
  
  Validates an EL expression for security issues.
  
  Parameters:
  
  expression - The EL expression to validate
  
  Throws:
  
  ELException - if the expression contains dangerous patterns
- sanitizeExpression
  
  String sanitizeExpression(String expression)
  
  Sanitizes an EL expression by removing dangerous content.
  
  Parameters:
  
  expression - The EL expression to sanitize
  
  Returns:
  
  A safe version of the expression