  1. Jira Data Center
  2. JRASERVER-42617

Certain wiki markup characters can be used to escape Internet Explorer MIME Sniffing Security Hole Workaround Policy


    • 2
    • Severity 3 - Minor
      Atlassian Update – 22 August 2019

      Hi everyone,

      After reviewing the overall customer interest and impact of this bug report we have decided to close this issue down. Our analysis has shown that over time this issue hasn't collected a significant number of votes, watchers, comments, or support cases from customers and therefore has remained very low on our priority list. Given these findings we can conclude it will not be fixed in the foreseeable future and wish to be transparent about our priorities by closing it as Timed Out.

      Although we're aware this issue may be still important to those of you who were involved in the initial conversations around it, we want to be clear by managing your expectations regarding the likelihood of a fix for it. The Jira team do their best to prioritise the issues that have high and critical impact with broad pervasiveness reflected in a series of different factors. You can learn more about this by reading our Bug Fixing Policy.

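      To see what the Jira team is currently working on and has recently delivered see the following dashboards:

      • Jira Server and Data Center: Recently resolved issues
      • Jira Server and Data Center: Current work and future plans
      • Jira Server and Data Center: Bug Fix Board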

      We understand that hearing a decision like this can be disappointing, but we hope you'll appreciate our transparent approach to product priorities and communications. We will continue to watch this issue for further updates, so please feel free to share any thoughts in the comments.

      Thank you,

      Pawel Drygas,

      Jira Server Bugmaster


      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      The "Internet Explorer MIME Sniffing Security Hole Workaround Policy" option on JIRA's General Configuration page can be used to turn off inline rendering of attachments, including images, when set to "Secure: forced download of attachments for all browsers".

      However, it appears possible to escape this setting for inline image markup by combining the image markup with other wiki markup, such as a pipe, a quote block, or a numbered/bulleted list marker.

      Steps to reproduce

      • Set "Internet Explorer MIME Sniffing Security Hole Workaround Policy" to "Secure: forced download of attachments for all browsers" in General Configuration.
      • Try to render an image attachment inline using !image.png!
      • Try adding a pipe in front of the markup as in |!image.png! as well.
      • Try adding a bulleted-list marker in front of the markup as in *!image.png! as well.
      • Try adding a numbered-list marker in front of the markup as in #!image.png! as well.
      • Try wrapping the markup in a quote block as in {quote}!image.png! {quote} as well.

      Expected Behavior

      • Image is not rendered in any of the above cases based on the setting

      Actual behavior

      • Image is rendered when markup is used along with the pipe/quote/numbered/bulleted lists etc.
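
The four markup contexts from the steps above, turned into an audit helper for raw wiki markup such as exported issue descriptions or comments. This is an added example, not Atlassian code: `find_wrapped_images`, the regular expressions and the sample text are assumptions for illustration, and it matches text patterns only rather than reproducing Jira's renderer.

```python
import re

# Inline image embed: !name.ext! or !name.ext|attrs! (common image extensions only).
IMAGE = re.compile(r"!([^!|\s]+\.(?:png|jpe?g|gif|bmp))(?:\|[^!\n]*)?!", re.I)
# Text between a pair of {quote} tags; may span several lines.
QUOTE = re.compile(r"\{quote\}(.*?)\{quote\}", re.I | re.S)
# Leading characters named in the report and the markup context they open.
PREFIXES = {"|": "table-cell", "*": "bulleted-list", "#": "numbered-list"}


def find_wrapped_images(text):
    """Return (line_no, context, filename) for each image embed that sits in
    one of the report's contexts. A bare !image.png! line is not reported.
    Over-approximates: a line starting with *bold* text is treated as a list."""
    quoted = [m.span(1) for m in QUOTE.finditer(text)]
    hits = []
    offset = 0  # absolute index of the current line's first character
    for line_no, line in enumerate(text.splitlines(keepends=True), 1):
        lead = line.lstrip()[:1]
        lead_at = line.find(lead) if lead else -1
        for m in IMAGE.finditer(line):
            pos = offset + m.start()
            if any(start <= pos < end for start, end in quoted):
                hits.append((line_no, "quote", m.group(1)))
            elif lead in PREFIXES and lead_at < m.start():
                hits.append((line_no, PREFIXES[lead], m.group(1)))
        offset += len(line)
    return hits


# Constructed sample: the five inputs from the steps to reproduce.
SAMPLE = (
    "!image.png!\n"
    "|!image.png!\n"
    "*!image.png!\n"
    "#!image.png!\n"
    "{quote}!image.png! {quote}\n"
)

if __name__ == "__main__":
    for hit in find_wrapped_images(SAMPLE):
        print(hit)
```
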

              Unassigned
              takindele Taiwo Akindele (Inactive)
              Votes: 0
              Watchers: 5
