Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-20239

Remove the "Anti-XSS" setting from the admin screens


    • Feedback Policy:
      Thanks for taking the time to raise a Suggestion for Confluence, Atlassian values your input.

      We receive feedback from a number of different sources and evaluate those when we plan our product roadmap. If you would like to know more about how the Atlassian Product Management team uses your input in our planning process, please see our post on Atlassian Answers.

      Before creating a new Suggestion, please search the existing issues to see if your suggestion already exists.

      The Confluence Product Management Team
    • Last commented by user?:


      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.

      Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.

      See also: CONF-21051.

      BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
      PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview


          Issue Links



              • Votes:
                4 Vote for this issue
                9 Start watching this issue


                • Created:
                  Last commented:
                  2 years, 6 weeks, 6 days ago