Security Issues

Originally the projectdoc Toolbox was designed for small teams of developers where the team had full access to the server. Therefore making use cases possible had been the main concern at first. This has changed since larger companies started to use the projectdoc Toolbox for the information architecture.

As a preparation step for data center support his release removes a couple of security related issues. The attacker needed to have write access privileges to take advantage of these issues.

To not break existing API this version introduces strict HTML rendering as a feature required to actively turned on. In the next major version this feature is activated by default.

The following issues fall into this category.

Reference Support for Query Parameters

Query parameters may specify complex templates to render property values. To store these templates in one location as a space property, the macro parameter 'select' now supports referencing templates.

Simply introduce the parameter value with the paragraph sign (§) and then add the name of the space property that defines the template.

Note that the template may be formatted with the Confluence editor. For instance to set a property in italics or add a line break.

See PDAC-1462 - Getting issue details... STATUS for more information.

Detect Health Issues

The Name List Macro allows to specify arbitrary names. If the name is actually referencing a document, a link is rendered. This approach is different from using a display property macro where the referenced document is required to exist. The projectdoc Toolbox speaks of name macros as dynamic links and display property macros as dynamic links.

Dynamic links may loose the target document involuntarily. These issues are hard to detect. To help users to find and fix these issues this version of the projectdoc Toolbox adds the following improvements and features.