Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-21965

Replace unsafe text gadget

XMLWordPrintable

    • 18
    • 72
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Atlassian Update - 23 April 2015

      Hi everyone,

      There is an add-on from Atlassian Labs that provides a rich text dashboard gadget for JIRA Cloud. You can find it by searching for "rich text gadget" in the Find New Add-ons page on your JIRA Cloud instance or getting it from the Atlassian Marketplace.

      This add-on is not officially supported by Atlassian.

      Please remember that jira.atlassian.com is one of many inputs for the JIRA roadmap. You can learn more about our process here.

      I understand that our decision may be disappointing. Please don't hesitate to contact me if you have any questions.

      Regards,
      Dave Meyer
      dmeyer@atlassian.com

      The text gadget can make JIRA vulnerable to XSS attacks because it allows arbitrary html, which is why it is disabled by default.

      A wiki rendering replacement could cater to the needs of an arbitrary html gadget without the danger. Custom html could still be added to the wiki gadget where required through the creation of macro plugins for JIRA's wiki renderer.

            [JRASERVER-21965] Replace unsafe text gadget

            SET Analytics Bot made changes -
            UIS Original: 9 New: 18
            SET Analytics Bot made changes -
            UIS Original: 10 New: 9
            SET Analytics Bot made changes -
            UIS Original: 9 New: 10
            Jeremy R made changes -
            Labels Original: affects-cloud affects-server dmb-legacy-jac-none jw-platform no-cvss-required security shouldBePrivate New: affects-cloud affects-server dmb-legacy-jac-none jw-platform no-cvss-required security
            Security Original: Reporter and Atlassian Staff [ 10751 ]
            SET Analytics Bot made changes -
            UIS Original: 10 New: 9
            Zaro made changes -
            Labels Original: affects-cloud affects-server dmb-legacy-jac-none jw-platform no-cvss-required security New: affects-cloud affects-server dmb-legacy-jac-none jw-platform no-cvss-required security shouldBePrivate
            Security New: Reporter and Atlassian Staff [ 10751 ]
            SET Analytics Bot made changes -
            UIS Original: 9 New: 10
            SET Analytics Bot made changes -
            UIS Original: 10 New: 9
            SET Analytics Bot made changes -
            UIS Original: 19 New: 10
            SET Analytics Bot made changes -
            UIS Original: 29 New: 19

              Unassigned Unassigned
              chris@atlassian.com Chris Mountford
              Votes:
              180 Vote for this issue
              Watchers:
              113 Start watching this issue

                Created:
                Updated: