Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Fix Version/s: 5.10.0
Component/s: None
Labels:
- bootcamp
- nf
- no-cvss-required
- security

Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.

Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.

Attachments

Issue Links

relates to

CONFCLOUD-20239 Remove the "Anti-XSS" setting from the admin screens

Closed

included in

CPU-103 Confluence 6.0.0-OD-2015.48.1-0004

CPU-106 Confluence 6.0.0-OD-2015.48.1-0006

CPU-121 Confluence 6.0.0-OD-2015.49.1-0002

CPU-139 Confluence 6.0.0-OD-2015.49.1-0003

CPU-141 Confluence 6.0.0-OD-2015.50.1-0003

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 included in, 11 mentioned in)

Activity

People

Assignee:: Petro Semeniuk (Inactive)

Reporter:: Stefan Saasen (Inactive)

Votes:: 4 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 01/Jul/2010 12:42 AM

Updated:: 19/Sep/2019 5:26 AM

Resolved:: 16/Nov/2015 1:30 AM