[jira] [Commented] (CMIS-943) Hardcoded Domain in HTML in repository.jsp

Donald Kwakkel (JIRA) Mon, 24 Aug 2015 03:58:33 -0700

    [ 
https://issues.apache.org/jira/browse/CMIS-943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709093#comment-14709093
 ]


Donald Kwakkel commented on CMIS-943:
-------------------------------------

Sorry. I removed all *ample* and *est* directories and files, it was not clear 
to me this was sample code.

> Hardcoded Domain in HTML in repository.jsp
> ------------------------------------------
>
>                 Key: CMIS-943
>                 URL: https://issues.apache.org/jira/browse/CMIS-943
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-client
>    Affects Versions: OpenCMIS 0.13.0
>            Reporter: Donald Kwakkel
>
> The file repository.jsp references a script using a hardcoded domain name on 
> line 27. If attackers compromise the domain, they will have malicious code on 
> this page.
> Recommendation:
> Keep control over the code your web pages invoke. Do not include scripts or 
> other artifacts from third-party sites.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CMIS-943) Hardcoded Domain in HTML in repository.jsp

Reply via email to