Zum Hauptinhalt springen
Foren
Kategorien
Neueste Beiträge
Statistiken
Startseite
Development
XSS protection in Liferay 6.1 GA1
XSS protection in Liferay 6.1 GA1
RSS
(Öffnet neues Fenster)
(Öffnet neues Fenster)
Cee Paxton, geändert vor 11 Jahren.
XSS protection in Liferay 6.1 GA1
New Member
Beiträge:
3
Beitrittsdatum:
20.01.13
Neueste Beiträge
In prior version of Liferay, XSS protection was enabled by setting the following entry in the portal-ext.properties:
xss.allow=false
In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
Hitoshi Ozawa, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend
Beiträge:
7942
Beitrittsdatum:
24.03.10
Neueste Beiträge
I think you'll right. The last comment in the following issue clearly states it has been removed:
http://issues.liferay.com/browse/LPS-13246
Cee Paxton, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
New Member
Beiträge:
3
Beitrittsdatum:
20.01.13
Neueste Beiträge
Even if that particular property has been removed., do you happen to know how to turn XSS on in 6.1?
I assume that they only removed the property and not XSS protection all together.
jelmer kuperus, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend
Beiträge:
1191
Beitrittsdatum:
10.03.10
Neueste Beiträge
why would you want that ?
that property might just as well have been called
hackme=true
Cee Paxton, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
New Member
Beiträge:
3
Beitrittsdatum:
20.01.13
Neueste Beiträge
The question is
It doesn't appear to be on by default. How is it turned on in 6.1z
jelmer kuperus, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend
Beiträge:
1191
Beitrittsdatum:
10.03.10
Neueste Beiträge
You don't because the very notion of having such a property is retarded
Now why do you think you need to enable this property.
Hitoshi Ozawa, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend
Beiträge:
7942
Beitrittsdatum:
24.03.10
Neueste Beiträge
As is written in the issue, XSS protection should be enable by default. If it's not, can you provide us with a test case?
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.
Verborgen
