Uploaded image for project: 'Share Application'
  1. Share Application
  2. SHA-2462

Comments referencing Jira numbers should generally not be included in pages rendered to clients

    Details

    • Type: Bug
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 6.2
    • Fix Version/s: None
    • Component/s: Aikau
    • Labels:
      None

      Description

      Comments that reference Jira issues should generally not be included in pages rendered to the customer. These could provide malicious users with information that could be used to exploit vulnerabilities within the application.

      The following comment is rendered through an included across multiple pages in share:

      // See AKU-692 - Apply AMD module mapping to temporarily resolve dojo/hccss bug
      Most pages within share contain
       

      <script type="text/javascript">
            // See AKU-692 - Apply AMD module mapping to temporarily resolve dojo/hccss bug
            
            dojoConfig.packages.push({
               name: "patches",
               location: "js/patches"
            });
            dojoConfig.map = {
               "*": {
                  "dojo/hccss": "patches/dojo/hccss"
               }
            };
      </script>

       

        Attachments

          Structure

            Activity

              People

              • Assignee:
                jiball John Iball
                Reporter:
                jottley Jared Ottley
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Structure Helper Panel