Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

how is enabling a text gadget helpful and what are the risks

sn
sn December 6, 2017

hi all,

we have a user requesting to enable the text dashboard and says it is useful for reports and dashboards. i read the documentation and i'm not following how this can be useful. since it says there are security risks involved , i would like yo make a decision based on pros and cons.

we have set the create shared objects permission for all logged in users and our JIRA is internal to our network

please provide input.

thanks !

Answer
Watch
Like Be the first to like this
570 views

1 answer

1 vote
Alexey Matveev
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 6, 2017

Hello,

The Text gadget lets you add custom HTML to your dashboard which means you could write any script using html and javascript. For example you could add links to a page or draw a custom form in your dashboard, call any resource from your network(or internet if internet access is available). The possibilities are limitless.

There can be danger because you can add arbitrary HTML which could potentially make your JIRA system vulnerable to XSS attacks. If it is in your internal network, I would not be so worried about it.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events