Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-22798

The code macro is missing a required rights analyzer

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 15.9-rc-1
    • Rendering - Code Macro
    • None
    • Unknown

    Description

      Steps to reproduce:

      1. As a user without script right, save a page with a code macro with a script reference like 
        {{code source="script:doc"/}}
      2. As a user with script macro, try editing the page.

      Expected result:

      There is a warning regarding the script right that will be granted to the code macro.

      Actual result:

      There isn't any warning.

      I don't see how this could have a security impact as the code macro doesn't execute the displayed content and there shouldn't be any variables in the script context that contain sensitive data.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-22821 Allow having generic analyzers for different types of macro arguments

          • Major - Major loss of function.
          • Open

          Activity

            People

              MichaelHamann Michael Hamann
              MichaelHamann Michael Hamann
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: