Details
- Bug
- Resolution: Unresolved
- Low
- None
- Minor
Description
Issue Summary
As an app developer, I need to understand if the Confluence storage format is guaranteed to be safe from XSS attacks. This information is missing in the documentation. Also see https://community.developer.atlassian.com/t/macros-and-rich-text-and-xss/43043.
Steps to Reproduce
- Visit the reference documentation describing Confluence storage format (https://confluence.atlassian.com/doc/confluence-storage-format-790796544.html) and the places where it is exposed, such as static content macros (https://developer.atlassian.com/cloud/confluence/modules/static-content-macro/).
Expected Results
At step 1, the documentation indicates whether Confluence storage format is vulnerable to XSS attacks.
Actual Results
At step 1, the documentation does not indicate whether Confluence storage format is vulnerable to XSS attacks.
Workaround
Program defensively by assuming the XML may be vulnerable to XSS attacks.