You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by "Scott Wilson (JIRA)" <ji...@apache.org> on 2009/12/11 00:38:18 UTC
[jira] Updated: (WOOKIE-76) Consider and mitigate against potential
security risks in widget metadata
[ https://issues.apache.org/jira/browse/WOOKIE-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Wilson updated WOOKIE-76:
-------------------------------
Priority: Minor (was: Blocker)
> Consider and mitigate against potential security risks in widget metadata
> -------------------------------------------------------------------------
>
> Key: WOOKIE-76
> URL: https://issues.apache.org/jira/browse/WOOKIE-76
> Project: Wookie
> Issue Type: Task
> Reporter: Scott Wilson
> Priority: Minor
> Fix For: 0.8.1
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Before we can make a release we should look at the issue of potential malicious content in widget metadata that gets returned to plugins; in particular the License and Description text elements. This may be a case of stripping out any tags and scripting statements, or limiting what metadata is returned by default.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.