  1. Jira Data Center
  2. JRASERVER-65600

As a JIRA Administrator, I want to disable all JavaScript in JIRA input except the JIRA banner


    • Type: Suggestion
    • Resolution: Unresolved

      Problem Definition

      Users can add/inject JavaScript in different places in JIRA, e.g.:

      • Custom field descriptions
      • Field Configuration descriptions

      That will break the UI in a very unpredictable way. This is extremely hard to troubleshoot.

      Suggested Solution

      Add an option to prevent JavaScript from being injected into text fields and make it the default.
      The only allowed place should be the JIRA Admin banner, since it is controlled by the JIRA Admin.

      Workaround

      Review the DB manually and check for "script text/javascript" text.

            Unassigned
            ayakovlev@atlassian.com Andriy Yakovlev [Atlassian]
            Votes: 2
            Watchers: 5

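A parser-based version of the workaround's check, as an added example (not Atlassian's code and not part of the original issue). It assumes the description values have already been exported from the database as (source, field name, description) rows; the rows, field names and the `ScriptFinder`, `find_script` and `scan` names below are constructed for illustration. Parsing the HTML also flags script-bearing markup that a search for the literal "text/javascript" string would miss, and ignores plain text that merely mentions it.

```python
from html.parser import HTMLParser

# Attributes whose value is a URL the browser may navigate to or load.
URL_ATTRS = {"href", "src", "action", "formaction"}

class ScriptFinder(HTMLParser):
    """Records markup that makes a browser run JavaScript."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            compact = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")

def find_script(description):
    """Return the list of script-bearing constructs in one description."""
    parser = ScriptFinder()
    parser.feed(description or "")
    parser.close()
    return parser.findings

def scan(rows):
    """Return {(source, name): findings} for descriptions that carry script."""
    report = {}
    for source, name, description in rows:
        findings = find_script(description)
        if findings:
            report[(source, name)] = findings
    return report

# Constructed sample rows: (where the text lives, field name, description).
ROWS = [
    ("custom field description", "Severity", "Pick the <b>impact</b> level."),
    ("custom field description", "Notes", "Enter the script text/javascript ticket reference."),
    ("custom field description", "Team", '<script type="text/javascript">document.title="x"</script>'),
    ("custom field description", "Region", "<SCRIPT>init()</SCRIPT>"),
    ("field configuration description", "Summary", '<img src="logo.png" onload="resize()">'),
    ("field configuration description", "Links", '<a href="JavaScript:openHelp()">help</a>'),
]

if __name__ == "__main__":
    for key, findings in scan(ROWS).items():
        print(key, findings)
```

Each reported key names the field whose description an administrator should open and clean up.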