chemistry-dev mailing list archives

From Florian Müller (JIRA) <>
Subject [jira] [Commented] (CMIS-943) Hardcoded Domain in HTML in repository.jsp
Date Mon, 24 Aug 2015 10:50:46 GMT


Florian Müller commented on CMIS-943:

repository.jsp is sample code and never used in a productive system. It references jQuery
from a CDN, which should be ok for sample code.

Please check your scan results before opening irrelevant issues.

> Hardcoded Domain in HTML in repository.jsp
> ------------------------------------------
>                 Key: CMIS-943
>                 URL:
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-client
>    Affects Versions: OpenCMIS 0.13.0
>            Reporter: Donald Kwakkel
> The file repository.jsp references a script using a hardcoded domain name on line 27. If attackers compromise the domain, they will have malicious code on this page.
> Recommendation:
> Keep control over the code your web pages invoke. Do not include scripts or other artifacts from third-party sites.

This message was sent by Atlassian JIRA
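
An added example, not part of this thread or of the OpenCMIS code: a scan for the condition CMIS-943 reports, listing the `<script src>` tags in a page that load from hosts outside an allow-list and whether each carries a Subresource Integrity `integrity` attribute. The sample markup, the host names and the `own_hosts` parameter are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Record (line, attributes) for every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((self.getpos()[0], attr))


def third_party_scripts(markup, own_hosts=()):
    """Return a finding for each <script src> served from a host not in own_hosts."""
    collector = ScriptCollector()
    collector.feed(markup)
    collector.close()
    findings = []
    for line, attr in collector.scripts:
        # urlsplit also handles protocol-relative URLs such as //host/path.
        host = urlsplit(attr["src"].strip()).hostname
        if host is None or host in own_hosts:
            continue  # relative path, or a host the site operator controls
        findings.append({
            "line": line,
            "host": host,
            "src": attr["src"],
            # With an integrity hash the browser rejects a modified file.
            "has_integrity": bool(attr.get("integrity")),
        })
    return findings

# Constructed sample, not the contents of the real repository.jsp.
SAMPLE_JSP = """<%@ page contentType="text/html; charset=UTF-8" %>
<html><head>
<script src="//cdn.example.com/jquery.min.js"></script>
<script src="https://static.example.org/app.js" integrity="sha384-PLACEHOLDER"></script>
<script src="js/local.js"></script>
<script src="https://intranet.example.net/lib.js"></script>
</head></html>
"""

if __name__ == "__main__":
    for f in third_party_scripts(SAMPLE_JSP, own_hosts={"intranet.example.net"}):
        print(f["line"], f["host"], "pinned" if f["has_integrity"] else "NOT pinned")
```

Findings with `has_integrity` false are the ones where a change on the remote host reaches the page unchecked; sample code is the usual place they turn up.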
