projectdoc Toolbox

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user Robert Reiner

Saved on

compared with

New Version Current

changes.mady.by.user Robert Reiner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section
titleNew and Noteworthy


Section
titleSecurity Issues

Originally the projectdoc Toolbox was designed for small teams of developers where the team had full access to the server. Therefore making use cases possible had been the main concern at first. So we were for instance allowing any protocol for a HTTP request to enable the team to access their ressource. This has changed since larger companies started to use the projectdoc Toolbox for the information architecture.

As a preparation step for data center support this release removes a couple of security related issues. The attacker needed to have write access privileges to pages to take advantage of these issues.

To not break existing API this version introduces strict HTML rendering as a feature required to actively turned on. In the next major version this feature is activated by default.

Caution Box
titleStrict HTML Encoding recommended

It is recommended to set the system property 

Static Document Link
documentStrict HTML Encoding
label${Identifier}
to true.

Please check if you are using lax encoding with render templates, such as in the Select Parameter of the 

Static Document Link
documentDisplay Table Macro
.

The following issues fall into this category.

Jira
serversmartics JIRA
columnIdsissuekey,summary,issuetype,priority,description
columnskey,summary,type,priority,description
maximumIssues1000
jqlQueryproject = 'projectdoc Toolbox' && (fixVersion IN ('4.13.0', '4.13.1')) && "Quality"="Security" ORDER BY priority DESC, type DESC
serverId79ad43bc-d289-364e-bfc7-46c09847bebd


Section
titleReference Support for Query Parameters

Query parameters may specify complex templates to render property values. To store these templates in one location as a space property, the macro parameters 'select', 'where', and 'sort-by' (for instance of the

Static Document Link
documentDisplay Table Macro
) now support referencing templates. The template of the 
Static Document Link
documentDisplay Document Properties Macro
also supports this reference.

Simply introduce the parameter value with the paragraph sign (§) and then add the name of the space property that defines the template.

Note that the template may be formatted with the Confluence editor. For instance to set a property in italics or add a line break.

See

Jira
serversmartics JIRA
serverId79ad43bc-d289-364e-bfc7-46c09847bebd
keyPDAC-1462
and
Jira
serversmartics JIRA
serverId79ad43bc-d289-364e-bfc7-46c09847bebd
keyPDAC-1466
for more information.


Section
titleDetect Health Issues

The 

Static Document Link
documentName List Macro
allows to specify arbitrary names. If the name is actually referencing a document, a link is rendered. This approach is different from using a display property macro where the referenced document is required to exist. The projectdoc Toolbox speaks of name macros as dynamic links and display property macros as dynamic links.

Dynamic links may loose the target document involuntarily. These issues are hard to detect. To help users to find and fix these issues this version of the projectdoc Toolbox adds the following improvements and features.

Jira
serversmartics JIRA
columnIdsissuekey,summary,issuetype,priority,description
columnskey,summary,type,priority,description
maximumIssues1000
jqlQueryproject = 'projectdoc Toolbox' && (fixVersion IN ('4.13.0','4.13.1')) && "Quality"="Maintainability" ORDER BY priority DESC, type DESC
serverId79ad43bc-d289-364e-bfc7-46c09847bebd


Section
titleSpace Property Rendering

We encountered HTML encoding issues with the rendering of space properties. 

Originally the space properties where intended to be plain text properties to be used as variables for matching only. This simple concept has been abandoned a long time ago. Today a space property may contain any HTML fragment. With

Jira
serversmartics JIRA
serverId79ad43bc-d289-364e-bfc7-46c09847bebd
keyPDAC-1469
we fix an issue where the rendered property may not have been HTML encoded.


Section
titlePreparation for Data Center Support

We are working to get the data center compatibility approval of Atlassian for the projectdoc Toolbox.

We plan to provide the data center version by the end of 2021. In summer we will release version 5.0 of the projectdoc Toolbox that will require to update the database tables. This may come inconvenient since this will require to recalculate the document entries in these tables. For instance with a large number of projectdoc documents we recommend to check the upgrade in a test instance to estimate how long the table update will take.

To prepare your installation for this version we recommend to set system property de.smartics.projectdoc.security.strictHtmlEncoding to true. This will require to use the new template references for complex select templates where HTML code is required for rendering.

Please refer to

Jira
serversmartics JIRA
serverId79ad43bc-d289-364e-bfc7-46c09847bebd
keyPDAC-1478
and
Jira
serversmartics JIRA
serverId79ad43bc-d289-364e-bfc7-46c09847bebd
keyPDAC-1462
for more information.


...

About

This site is maintained by smartics.

Imprint / Impressum

Data Privacy / Datenschutz 

End User License Agreement (EULA)


To get in touch please send us an e-mail!

smartics email

Keep up-to-date!

Read our

smartics Blog

Follow us on

Twitter YouTube Prezi

Find us on

Bitbucket GitHub Atlassian Marketplace

Powered by




© 2001-2023 smartics - Kronseder & Reiner GmbH