Details
- Task
- Resolution: Duplicate
- Major
- None
- 5.0.1
- Unknown
- N/A
- N/A
Description
Right now we have many XSS flaws because almost anything can be done with the HTML macro. So the idea is to restrict the things that non-PR users can do with the macro.
Issue Links
- duplicates
- XWIKI-9118 XSS in restricted context via html macro
- Closed