[SHA-2462] Comments referencing Jira numbers should generally not be included in pages rendered to clients - Alfresco JIRA

Details

Type: Bug
Status: Open
Resolution: Unresolved
Affects Version/s: 6.2
Fix Version/s: None
Component/s: Aikau
Labels:
None

Bug Priority:

Category 4
Epic Link:
WD - Feature Team Apps maintenance
Delivery Team:
Feature Teams Apps

Description

Comments that reference Jira issues should generally not be included in pages rendered to the customer. These could provide malicious users with information that could be used to exploit vulnerabilities within the application.

The following comment is rendered through an included across multiple pages in share:

// See AKU-692 - Apply AMD module mapping to temporarily resolve dojo/hccss bug
Most pages within share contain

<script type="text/javascript">
      // See AKU-692 - Apply AMD module mapping to temporarily resolve dojo/hccss bug
      
      dojoConfig.packages.push({
         name: "patches",
         location: "js/patches"
      });
      dojoConfig.map = {
         "*": {
            "dojo/hccss": "patches/dojo/hccss"
         }
      };
</script>

Attachments

Structure

Activity

People

Assignee:

John Iball

Reporter:

Jared Ottley

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

02-Jul-20 09:21 PM

Updated:

12-Oct-20 09:11 AM