Loading...

XML

Word

Printable

Type: Work Task
Resolution: Won't Do
Priority: Major
Fix Version/s: Recycle Bin
Affects Version/s: None
Component/s: User Interface
Labels:
None

Some of the Descriptions for Datasets have html formatting (Bold, Italics, etc...).

What is our policy on allowing User content to have formatting?

If we allow formatting we should be dilligent about what type of formatting we allow. If we aren't a user can (untentinall or intenionally) ruin our page formatting by using some <div> blocks.

We could open our Users to Cross-Site Scripting (XSS) attacks:
http://en.wikipedia.org/wiki/Cross-site_scripting

is related to

GTWY-865 Disable annotations untill input can be sanitized

Done

relates to

GTWY-276 Formatting of User Input Text

Done

GTWY-355 Parsing User/Machine Input Library Research

Done

GTWY-145 Sanitize User Input for Cross Site Scripting Attacks

Done

Assignee:: Unassigned
Reporter:: Nathan Hook
Votes:: 0 Vote for this issue
Watchers:: 0 Start watching this issue

Created:: 02/Mar/09 10:13 AM
Updated:: 17/Nov/15 2:17 PM
Resolved:: 01/Mar/12 10:35 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates