  1. projectdoc Toolbox
  2. PDAC-1479

HTML Code in Short Descriptions

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 4.13.0
    • 4.12.2
    • None
    • None
    • Informal
    • Security

    Description

      The projectdoc Toolbox allows HTML code in short descriptions in page and space blueprints.

      This poses a security issue if a user with write access adds malicious code to the short description.

      Strict rendering is off by default in version 4 of the projectdoc Toolbox. It will be the default in version 5. Set the system property de.smartics.projectdoc.security.strictHtmlEncoding to true to enforce strict encoding.

      Note that encoding in short descriptions for page blueprints is covered by PDAC-1478.

            People

              robert.reiner Robert Reiner
              robert.reiner Robert Reiner