As an JIRA Administrator I want to disable all JavaScript in JIRA input except JIRA banner

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: None
    • 1
    • 6

      Problem Definition

      User can add/inject JavaScript in different places in JIRA, eg:

      • Customfields description
      • FieldConfiguration description

      That will break UI in very unpredictable way. This is extremely hard to troubleshoot.

      Suggested Solution

      Add option to prevent JavaScript from being injected into text fields and make it default.
      Only allowed place should be JIRA Admin banner, since it is controlled by JIRA Admin.

      Workaround

      Review DB manually and check for "script text/javascript" text

            Assignee:
            Unassigned
            Reporter:
            Andriy Yakovlev [Atlassian]
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: