Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-20239

Remove the "Anti-XSS" setting from the admin screens

    Details

    • Last commented by user?:
      true

      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The "Anti-XSS" setting should be removed from the Admin console. It was originally there as a compatibility measure, and has been enabled by default since 3.0 or 3.1.

      Instances with it turned off should be upgraded to have it on by default as part of this fix. We should add a system property to disable it in case someone really needs to turn it off.

      See also: CONF-21051.

      BV: https://collaboration-bamboo.internal.atlassian.com/branchinator/13041798/confluence_master%20(read-only)/issue%252FCONF-20239
      PR: https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/7356/overview

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                4 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  1 year, 41 weeks, 6 days ago