Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-7878

Add a 'restricted' parameter to transformation context to enable a safe rendering mode

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Critical
    • 4.2-milestone-1
    • 4.0, 4.1-milestone-2
    • Old Core, Rendering
    • None
    • security
    • Unit
    • Easy

    Description

      To support rendering with some macros disabled (i.e, velocity, groovy, html, ...) we should add a parameter to the transformation context. This safe rendering mode should be used for rendering comments.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-2107 Comments XSS vulnerability

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-4875 Security issue: Arbitrary HTML code can be used in comments

          • Major - Major loss of function.
          • Closed
          is related to

          New Feature - A new feature of the product, which has yet to be developed. XWIKI-16459 Display content in restricted mode

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9118 XSS in restricted context via html macro

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              aj Andreas Jonsson
              aj Andreas Jonsson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: