Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2009/02/16 14:45:03 UTC
[jira] Commented: (JSPWIKI-505) No more <br /> separators in wiki system variables
[ https://issues.apache.org/jira/browse/JSPWIKI-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673876#action_12673876 ]
Janne Jalkanen commented on JSPWIKI-505:
----------------------------------------
Variable output is escaped because of security concerns. It is less user-friendly, yes, but unfortunately security often is.
In fact, I think that most of the variables are also a security risk (they give information to the attacker), so we should remove variables like $pageproviderdescription and so on.
No plans to change this behaviour - not escaping the line breaks would result in a fairly massive security hole just to make another security hole look nicer. Not a good tradeoff, methinks.
> No more <br /> separators in wiki system variables
> --------------------------------------------------
>
> Key: JSPWIKI-505
> URL: https://issues.apache.org/jira/browse/JSPWIKI-505
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Bruno Peeters
> Priority: Minor
>
> We have noticed that information on the Systeminfo page (http://www.jspwiki.org/wiki/SystemInfo) is less user-friendly presented compared to the previous version of jspwiki we are using (2.2.33). All information items are put on one single line, which makes it harder to get a clear view on the information presented, e.g. the available interwiki links.
> Why were the <br /> separators removed from the variables?
> Would it be possible to add an option to indicate whether the information would be presented with or without breaks?
> Concerned wiki variables
> Current Page Provider {$pageproviderdescription}
> Current Attachment Provider {$attachmentProviderDescription}
> Available InterWiki links {$interwikilinks}
> Inlined images are {$inlinedimages}
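An added Java example (not from the thread or from JSPWiki's code; the class, method names and sample values are constructed) of the trade-off discussed above: a variable value emitted as escaped text shows its `<br />` literally, and one way to keep line breaks without emitting the value raw is for the renderer to escape each item and supply the separator itself.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not JSPWiki's API.
public class VariableEscapeDemo {

    // Entity-escape text so it is safe in HTML element content and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Each item is escaped on its own; the only markup emitted is the
    // renderer's fixed separator, never anything taken from the value.
    static String renderItems(List<String> items) {
        StringBuilder out = new StringBuilder();
        for (String item : items) {
            if (out.length() > 0) {
                out.append("<br />\n");
            }
            out.append(escapeHtml(item));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not real JSPWiki output.
        String joined = "Edit --> Edit.jsp?page=%s<br />Doc --> <script>alert(1)</script>";
        List<String> items = Arrays.asList(
                "Edit --> Edit.jsp?page=%s",
                "Doc --> <script>alert(1)</script>");

        // Whole value escaped: the <br /> and the script both render as text.
        System.out.println(escapeHtml(joined));
        System.out.println("----");
        // Per-item escaping with a renderer-owned separator.
        System.out.println(renderItems(items));
    }
}
```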