You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2009/02/16 14:45:03 UTC

[jira] Commented: (JSPWIKI-505) No more
separators in wiki system variables

    [ https://issues.apache.org/jira/browse/JSPWIKI-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673876#action_12673876 ] 

Janne Jalkanen commented on JSPWIKI-505:
----------------------------------------

Variable output is escaped because of security concerns.  It is less userfriendly, yes, but unfortunately security often is.

In fact, I think that most of the variables are also a security risk (they give information to the attacker), so we should remove variables like $pageproviderdescription and so on.

No plans to change this behaviour - not escaping the line breaks would result in a fairly massive security hole just to make another security hole look nicer.  Not a good tradeoff, methinks.

> No more <br /> separators in wiki system variables
> --------------------------------------------------
>
>                 Key: JSPWIKI-505
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-505
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Bruno Peeters
>            Priority: Minor
>
> We have noticed that information on the Systeminfo page (http://www.jspwiki.org/wiki/SystemInfo) is less userfriendly presented compared to the previous version of jspwiki we are using (2.2.33).  All information items are put on one single line, which makes it harder to get a clear view on the information presented, eg the available interwiki links. 
> Why were the <br /> separators removed from the variables ? 
> Would it be possible to add an option to indicate whether the information would be presented with or without breaks ?
> Concerned wiki variables
> Current Page Provider          {$pageproviderdescription}
> Current Attachment Provider    {$attachmentProviderDescription}
> Available InterWiki links      {$interwikilinks}
> Inlined images are             {$inlinedimages}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.