  1. Confluence Data Center
  2. CONFSERVER-31585

Add support for absolute Image placeholder URLs

Details

    Description

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Whilst removing a Connect security vulnerability (ACDEV-514, ACDEV-516), we have encountered an obstacle in Confluence that prevents us from completing this work and therefore closing this serious security hole.

      Confluence currently assumes that the image placeholders are served out of Confluence. For Connect we require them to be able to be served out of the add-on.

      The offending line is CustomImageEditorMacroMarshaller line 104:

          writer.writeAttribute("src", context + imgUrl);


      For Connect we need this to not prepend the context for absolute URLs.
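
One way the requested behaviour could look, as an added example that is not part of the original report and not Atlassian's code or the eventual fix. `PlaceholderSrcResolver` and `resolveSrc` are hypothetical names, the sample URLs are constructed, and passing through only http/https URLs that carry a host (while rejecting scheme-relative `//host` URLs and other schemes) is an assumption of this example, made because the value is written into an `src` attribute.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

public class PlaceholderSrcResolver {

    /**
     * Value for the placeholder's src attribute: relative URLs keep the
     * existing behaviour (context path prepended), absolute http(s) URLs
     * are returned unchanged, everything else is rejected.
     */
    static String resolveSrc(String context, String imgUrl) {
        final URI uri;
        try {
            uri = new URI(imgUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed placeholder URL", e);
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // "//host/x" has no scheme but does name a host, so prepending
            // the context path would silently change what it points at.
            if (uri.getRawAuthority() != null) {
                throw new IllegalArgumentException("Scheme-relative URL not accepted");
            }
            return context + imgUrl; // relative: served by Confluence itself
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        boolean web = scheme.equals("http") || scheme.equals("https");
        if (web && uri.getHost() != null) {
            return imgUrl; // absolute: served by the add-on, no context prefix
        }
        throw new IllegalArgumentException("Not an absolute http(s) URL with a host");
    }

    public static void main(String[] args) {
        String context = "/confluence"; // constructed sample context path
        String[] samples = {             // constructed sample placeholder URLs
            "/plugins/servlet/placeholder?name=demo",
            "https://addon.example.com/placeholder.png",
            "//addon.example.com/placeholder.png",
            "data:image/png;base64,AAAA"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveSrc(context, s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```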

            People

              richatkins Richard Atkins
              aholmgren Anders Holmgren (Inactive)