Details
-
Improvement
-
Resolution: Fixed
-
Major
-
14.5
-
None
Description
There should be an event whenever user input is output as raw block such that event handlers can influence the filtering and, e.g., disallow certain inputs or perform additional cleaning.
Attachments
Issue Links
- blocks
-
XWIKI-18568 Multiple instances of stored cross-site scripting (XSS) via editor and HTML macro
- Closed