Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-20239

Remove the "Anti-XSS" setting from the admin screens

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.

      Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.

      See also: CONF-21051.

      BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
      PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview

      Attachments

        Issue Links

          is related to

          Suggestion - CONFSERVER-20239 Remove the "Anti-XSS" setting from the admin screens

          • Closed

          Activity

            People

              psemeniuk Petro Semeniuk (Inactive)
              ssaasen Stefan Saasen (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: