Integrate a JavaScript-filtering library for notes and comments
---------------------------------------------------------------
Key: NXP-4558
URL: http://jira.nuxeo.org/browse/NXP-4558
Project: Nuxeo Enterprise Platform
Issue Type: Bug
Reporter: Florent Guillaume
Priority: Major
Fix For: 5.3.1

To combat JavaScript injection vectors, the note and comments fields (those
that are displayed without escaping) must be filtered server-side against
unwanted tags.

To do this, integrate AntiSamy
(http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project).

TODO:
- AntiSamy is not in the central Maven repository yet, so it should be deployed
  in our Nexus (version 1.3),
- a listener has to be written that filters the configured field of any created
  or modified documents using AntiSamy,
- an appropriate configuration file for AntiSamy has to be chosen/written.
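
The filtering step such a listener would apply, as an added example that is not
part of the ticket or Nuxeo's code. The class name, the field names and the
policy path argument are assumptions, and the document is modelled as a plain
map rather than through the Nuxeo API.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/** Hypothetical helper: class, method and field names are illustrative. */
public class RichTextFieldFilter {

    private final AntiSamy antiSamy = new AntiSamy();
    private final Policy policy;               // parsed once, reused for every document
    private final List<String> filteredFields; // only fields rendered without escaping

    public RichTextFieldFilter(String policyPath, List<String> filteredFields)
            throws PolicyException {
        this.policy = Policy.getInstance(policyPath);
        this.filteredFields = filteredFields;
    }

    /**
     * Returns a copy of the properties with each configured field replaced by
     * its cleaned HTML. Exceptions propagate on purpose: a caller (the listener)
     * should refuse the save rather than store a value that was not filtered.
     */
    public Map<String, String> filter(Map<String, String> props)
            throws ScanException, PolicyException {
        Map<String, String> out = new LinkedHashMap<String, String>(props);
        for (String field : filteredFields) {
            String value = props.get(field);
            if (value == null || value.length() == 0) {
                continue;
            }
            CleanResults results = antiSamy.scan(value, policy);
            out.put(field, results.getCleanHTML());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the chosen AntiSamy policy XML (assumed to exist locally).
        RichTextFieldFilter filter = new RichTextFieldFilter(
                args[0], Arrays.asList("note:note", "comment:text")); // assumed field names
        Map<String, String> doc = new LinkedHashMap<String, String>(); // constructed sample
        doc.put("dc:title", "<b>escaped at display time, so not filtered here</b>");
        doc.put("note:note", "<p onclick=\"alert(1)\">Hello<script>alert(1)</script></p>");
        System.out.println(filter.filter(doc));
    }
}
```

What survives in the cleaned field depends entirely on the policy file chosen
in the last TODO item.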
_______________________________________________
ECM-tickets mailing list
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets