Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

the javascript injection in edit configuration of Custom Fields throws a XSS - Cross Site scripting error.

meena bhujang
meena bhujang September 6, 2013

How to deal with it? is there a safe way? I am using JIRA version 5.2. Is there a newer version that has the auto render ability for multi select custom fields?

Answer
Watch
Like Be the first to like this
139 views

1 answer

0 votes
MB
MB
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2013

Just make sure that javascript is accessing urls that match all these things, just like the originating page, in which that script was loaded:

  • protocol specification (http / https)
  • host name (www.atlassian.com)
  • port number (if present after the host name)

Javascript ajax calls will be restricted to these 3 or the XSS error will appear. So, without any code samples I can't provide any more help than this :(

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events