  1. Nuxeo Platform
  2. NXP-4558

Integrate a Javascript-filtering library for notes and comments

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3 GA
    • Fix Version/s: 5.3.1
    • Component/s: Seam / JSF UI

      Description

      To combat Javascript injection vectors, the note and comments fields (those that are displayed without escaping) must be filtered server-side against unwanted tags.

      To do this, integrate AntiSamy (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project).

      TODO:

      • AntiSamy is not in the central Maven repository yet, so it should be deployed in our Nexus (version 1.3),
      • a listener has to be written that filters the configured field of any created or modified documents using AntiSamy,
      • an appropriate configuration file for AntiSamy has to be chosen/written.
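
      A sketch of the filtering step the TODO list describes, added here as an example and not taken from the Nuxeo code base. The class name HtmlFieldSanitizer, the property-map shape and the policy file location are assumptions; only the AntiSamy calls (Policy.getInstance, AntiSamy.scan, CleanResults.getCleanHTML) are the library's own. A listener on document creation and modification would pass the document's properties through sanitize() before they are saved.

```java
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/** Hypothetical helper: cleans the configured rich-text fields before they are stored. */
public class HtmlFieldSanitizer {

    private final Policy policy;
    private final AntiSamy antiSamy = new AntiSamy();
    private final Set<String> filteredFields;

    public HtmlFieldSanitizer(File policyFile, Set<String> filteredFields) throws PolicyException {
        // The policy XML is the whitelist of tags, attributes and CSS allowed through.
        this.policy = Policy.getInstance(policyFile);
        this.filteredFields = filteredFields;
    }

    /** Returns a copy of the properties with every configured field replaced by its cleaned HTML. */
    public Map<String, Object> sanitize(Map<String, Object> properties) {
        Map<String, Object> cleaned = new HashMap<String, Object>(properties);
        for (String field : filteredFields) {
            Object value = properties.get(field);
            if (!(value instanceof String)) {
                continue; // field absent or not text: nothing to filter
            }
            try {
                CleanResults results = antiSamy.scan((String) value, policy);
                cleaned.put(field, results.getCleanHTML());
            } catch (ScanException e) {
                // Fail closed: never store markup that could not be scanned.
                throw new IllegalStateException("Cannot sanitize field " + field, e);
            } catch (PolicyException e) {
                throw new IllegalStateException("Invalid AntiSamy policy", e);
            }
        }
        return cleaned;
    }
}
```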
