Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-20239

Remove the "Anti-XSS" setting from the admin screens

    Details

    • Feedback Policy:
      Thanks for taking the time to raise a Suggestion for Confluence, Atlassian values your input.

      We receive feedback from a number of different sources and evaluate those when we plan our product roadmap. If you would like to know more about how the Atlassian Product Management team uses your input in our planning process, please see our post on Atlassian Answers.

      Before creating a new Suggestion, please search the existing issues to see if your suggestion already exists.

      Cheers,
      The Confluence Product Management Team
    • Last commented by user?:
      true

      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.

      Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.

      See also: CONF-21051.

      BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
      PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                4 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  2 years, 6 weeks, 6 days ago