Uploaded image for project: 'Nuxeo Enhanced Viewer'
  1. Nuxeo Enhanced Viewer
  2. NEV-674

Prevent NEV from reading local files

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: arender-2.3.4
    • Component/s: ARender
    • Tags:
    • Backlog priority:
      900

      Description

      Steps to reproduce

      1. create a file test.html with this content which has a reference to the local file /usr/share/pixmaps/debian-logo.png 
        <html> <body> <a href="http://localhost:8000/fake_login.html">CLICK ME</a><br><br> <iframe src="https://www.deloitte.com/global/en.html" height="512" width="512"></iframe><br><br> <img src="/usr/share/pixmaps/debian-logo.png">This is a proof of concept, we are showing "/usr/share/pixmaps/debian-logo.png"<br><br> <button type="button" enabled>Click Me!</button><br><br> </body> </html>
      2. create a File document and attach test.html
      3. navigate to the Annotations tab
      4. observe that the Debian logo is displayed

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: