Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.
Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.
See also: CONF-21051.
BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview
Attachments
Issue Links
- relates to
-
CONFCLOUD-20239 Remove the "Anti-XSS" setting from the admin screens
- Closed
- included in
-
CPU-103 Confluence 6.0.0-OD-2015.48.1-0004
-
CPU-106 Confluence 6.0.0-OD-2015.48.1-0006
-
CPU-121 Confluence 6.0.0-OD-2015.49.1-0002
-
CPU-139 Confluence 6.0.0-OD-2015.49.1-0003
-
CPU-141 Confluence 6.0.0-OD-2015.50.1-0003
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...