Uploaded image for project: 'projectdoc Toolbox'
  1. projectdoc Toolbox
  2. PDAC-1478

Template Encoding

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 4.13.0
    • 4.12.2
    • None
    • None
    • Informal
    • Security

    Description

      Select Templates allow to add HTML tags to control the rendering.

      This is a security issue since users with write access may add unwanted tags.

      Use PDAC-1462 to store templates with allowed HTML code as space properties.

      The strict rendering is off per default for version 4 of the projectdoc Toolbox. It will be the default for version 5. Use the system property de.smartics.projectdoc.security.strictHtmlEncoding set to true to demand strict encoding.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. PDAC-1479 HTML Code in Short Descriptions

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Done

          Improvement - An improvement or enhancement to an existing feature or task. PDAC-1480 Make strict HTML Encoding the default

          • Major - Major loss of function.
          • Done

          New Feature - A new feature of the product, which has yet to be developed. PDAC-1462 Reference Support for Query Parameters

          • Major - Major loss of function.
          • Done
          mentioned in

          Page Loading...

          Activity

            People

              robert.reiner Robert Reiner
              robert.reiner Robert Reiner
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: