Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-12573

Enable automatic HTML encoding by default

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      With the implementation of CONF-9627 we should move to enable the automatic HTML entity encoding behaviour by default. Once this is done and developers are happy with the outcome, we can start removing the explict calls to htmlEncode in earnest.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-14129 Exporting to Word in anti-XSS mode will include html tags

          • Medium - Medium priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-9627 Velocity does not automatically escape HTML entities when substituting variables

          • Highest - Our top priority issues
          • Closed

          Suggestion - CONFSERVER-14431 Write Anti-XSS documentation for plugin developers

          • Closed

          Activity

            People

              ckiehl Chris Kiehl
              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: