[NXP-18937] Remove HTML in "Text Editor" OpenSocial Gadget - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Clean up
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.8.0-HF39, 6.0-HF27
Component/s: Dashboard / OpenSocial (deprecated)

Description

The "Text Editor" OpenSocial Gadget is a vector of XSS attacks, and displaying arbitrary HTML must be removed.

This does not apply to 7.10 or later due to removal of OpenSocial in ~~NXP-16928~~.

Attachments

Issue Links

depends on

NXP-16928 Remove open social and dependencies from build

Resolved

Activity

People

Assignee:

Florent Guillaume

Reporter:

Florent Guillaume

Participants:

Florent Guillaume

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2016-02-02 10:12

Updated:

2016-02-02 16:44

Resolved:

2016-02-02 12:27