[ https://issues.apache.org/jira/browse/EAGLE-172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15171513#comment-15171513 ]
Jilin, Jiang commented on EAGLE-172:
------------------------------------

The front end & back end do not execute the script fragment. It's OK for the user to type any word.

> Scripting string is allowed to create policy rules.
> ---------------------------------------------------
>
>                 Key: EAGLE-172
>                 URL: https://issues.apache.org/jira/browse/EAGLE-172
>             Project: Eagle
>          Issue Type: Bug
>         Environment: sandbox
>            Reporter: Michael Wu
>            Assignee: Jilin, Jiang
>            Priority: Minor
>         Attachments: Screen Shot 2016-02-25 at 12.05.05.png
>
>
> While creating a policy, to define a rule, users can input a scripting
> fragment. From a security perspective, such behavior should be forbidden. Such
> as <a href='google' />. See the attached screenshot.
> The project is built upon branch:
> https://github.com/zombieJ/incubator-eagle/tree/module

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)