  1. Jira Data Center
  2. JRASERVER-23187

Feature to monitor usage of escape="false" attribute on pages.

Details

    • Suggestion
    • Resolution: Tracked Elsewhere

    Description

      In JSF, the usage of the attribute escape="false" on pages causes HTML content in a string to be rendered as it is (without encoding).

      This can cause a possible XSS threat to the application.

      Thus, in applications where XSS issues are to be handled, the addition of this feature will allow monitoring and gauging the number of pages that are using escape="false".

      Can this feature be added to the SONAR plugin?

          People

            Unassigned
            deepatilwani Deepa Tilwani
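
A small scanner for the kind of monitoring requested in the description, as an added example that is not part of the original issue or of any Sonar plugin: it counts, per Facelets page, the tags that carry escape="false", skipping commented-out markup and tolerating ">" inside EL expressions. The file names and page sources are constructed samples.

```python
import re

# An opening tag with quoted attributes; quotes are matched so ">" inside EL is safe.
TAG_RE = re.compile(r"""<([\w.-]+(?::[\w.-]+)?)((?:\s+[\w:.-]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*/?>""")
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)

def blank_comments(text):
    # Drop XML comments but keep their newlines so reported line numbers stay correct.
    return COMMENT_RE.sub(lambda m: "\n" * m.group().count("\n"), text)

def find_unescaped(source):
    """Return [(line, tag, value_expression)] for each tag with escape="false"."""
    text = blank_comments(source)
    hits = []
    for m in TAG_RE.finditer(text):
        attrs = {name: dq or sq for name, dq, sq in ATTR_RE.findall(m.group(2))}
        if attrs.get("escape", "").strip().lower() == "false":
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), attrs.get("value", "")))
    return hits

def summarize(pages):
    """Map page name -> number of escape="false" usages, omitting clean pages."""
    counts = {name: len(find_unescaped(src)) for name, src in pages.items()}
    return {name: n for name, n in counts.items() if n}

# Constructed sample pages (not taken from any real application).
PAGE_A = """<html xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:body>
  <h:outputText value="#{user.bio}" escape="false"/>
  <h:outputText value="#{user.name}"/>
  <!-- <h:outputText value="#{old.html}" escape="false"/> -->
  <h:outputText escape = 'false'
                value="#{a.count > 0 ? a.html : ''}"/>
</h:body>
</html>"""
PAGE_B = """<html xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:outputText value="#{page.title}" escape="true"/>
</html>"""

if __name__ == "__main__":
    pages = {"profile.xhtml": PAGE_A, "about.xhtml": PAGE_B}
    for name, src in pages.items():
        for line, tag, value in find_unescaped(src):
            print(f"{name}:{line}: <{tag}> renders {value!r} without encoding")
    print(summarize(pages))
```

Each hit is a place to review whether the bound value can contain user-controlled data; a value of escape set through an EL expression is not flagged by this scanner.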