[ http://jira.nuxeo.org/browse/NXP-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florent Guillaume updated NXP-4558:
-----------------------------------

    Status: Open  (was: Triage)

> Integrate a Javascript-filtering library for notes and comments
> ---------------------------------------------------------------
>
>                 Key: NXP-4558
>                 URL: http://jira.nuxeo.org/browse/NXP-4558
>             Project: Nuxeo Enterprise Platform
>          Issue Type: Bug
>    Affects Versions: 5.3 GA
>            Reporter: Florent Guillaume
>            Priority: Major
>             Fix For: 5.3.1
>
>
> To combat Javascript injection vectors, the note and comments fields (those 
> that are displayed without escaping) must be filtered server-side against 
> unwanted tags.
> To do this, integrate AntiSamy 
> (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project).
> TODO:
> - AntiSamy is not in the central maven repository yet, so it should be 
> deployed in our Nexus (version 1.3),
> - a listener has to be written that filters the configured field of any 
> created or modified documents using AntiSamy,
> - an appropriate configuration file for AntiSamy has to be chosen/written.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
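
A sketch of the filtering step the ticket describes, added here as an example and not taken from Nuxeo's code base. It uses the AntiSamy classes `AntiSamy`, `Policy` and `CleanResults`; the class name `HtmlFieldSanitizer`, the `Map` standing in for a document's properties, and the field names are assumptions, and the wiring into a document creation/modification listener is left out.

```java
import java.io.InputStream;
import java.util.List;
import java.util.Map;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/** Added example: cleans configured HTML fields with AntiSamy before they are stored. */
public class HtmlFieldSanitizer {

    private final AntiSamy antiSamy = new AntiSamy();
    private final Policy policy;
    private final List<String> fields; // hypothetical field names, e.g. "note:note"

    public HtmlFieldSanitizer(InputStream policyXml, List<String> fields) throws PolicyException {
        // Parse the policy once; a missing or invalid policy must stop startup,
        // not silently disable filtering.
        this.policy = Policy.getInstance(policyXml);
        this.fields = fields;
    }

    /**
     * Sanitizes the configured fields in place. The Map stands in for the
     * properties of a document being created or modified (assumption).
     * Returns true if any field was changed.
     */
    public boolean sanitize(Map<String, Object> properties) {
        boolean changed = false;
        for (String field : fields) {
            Object value = properties.get(field);
            if (!(value instanceof String)) {
                continue; // absent or non-text field: nothing to filter
            }
            String dirty = (String) value;
            String clean;
            try {
                CleanResults results = antiSamy.scan(dirty, policy);
                clean = results.getCleanHTML();
            } catch (ScanException | PolicyException e) {
                // Fail closed: reject the write rather than store unfiltered markup.
                throw new IllegalStateException("HTML filtering failed for " + field, e);
            }
            if (!clean.equals(dirty)) {
                properties.put(field, clean);
                changed = true;
            }
        }
        return changed;
    }
}
```

Because the fields are rendered without escaping, the stored value is the only barrier, so the filter has to run on every create and modify path and a scan failure has to abort the write.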

        