Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.
Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.
See also: CONF-21051.
BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview
Attachments
Issue Links
- is related to
-
CONFSERVER-20239 Remove the "Anti-XSS" setting from the admin screens
- Closed