chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CMIS-943) Hardcoded Domain in HTML in repository.jsp
Date Mon, 24 Aug 2015 10:50:46 GMT

    [ https://issues.apache.org/jira/browse/CMIS-943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709092#comment-14709092
] 

Florian Müller commented on CMIS-943:
-------------------------------------

repository.jsp is sample code and never used in a productive system. It references jQuery
from a CDN, which should be ok for sample code.

Please check your scan results before opening irrelevant issues.

> Hardcoded Domain in HTML in repository.jsp
> ------------------------------------------
>
>                 Key: CMIS-943
>                 URL: https://issues.apache.org/jira/browse/CMIS-943
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-client
>    Affects Versions: OpenCMIS 0.13.0
>            Reporter: Donald Kwakkel
>
> The file repository.jsp references a script using a hardcoded domain name on line 27.
If attackers compromise the domain, they will have malicious code on this page.
> Recommendation:
> Keep control over the code your web pages invoke. Do not include scripts or other artifacts
from third-party sites.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message