Details
- Task
- Resolution: Fixed
- Critical
- 4.0, 4.1-milestone-2
- None
Description
To support rendering with some macros disabled (e.g., velocity, groovy, html, ...), we should add a parameter to the transformation context. This safe rendering mode should be used for rendering comments.
Issue Links
- blocks
  - XWIKI-2107 Comments XSS vulnerability (Closed)
  - XWIKI-4875 Security issue: Arbitrary HTML code can be used in comments (Closed)
- is related to
  - XWIKI-16459 Display content in restricted mode (Closed)
- relates to
  - XWIKI-9118 XSS in restricted context via html macro (Closed)