Foren
XSS protection in Liferay 6.1 GA1
Cee Paxton, geändert vor 11 Jahren.
XSS protection in Liferay 6.1 GA1
New Member Beiträge: 3 Beitrittsdatum: 20.01.13 Neueste Beiträge
In prior version of Liferay, XSS protection was enabled by setting the following entry in the portal-ext.properties:
xss.allow=false
In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
xss.allow=false
In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
Hitoshi Ozawa, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
I think you'll right. The last comment in the following issue clearly states it has been removed:
http://issues.liferay.com/browse/LPS-13246
http://issues.liferay.com/browse/LPS-13246
Cee Paxton, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
New Member Beiträge: 3 Beitrittsdatum: 20.01.13 Neueste Beiträge
Even if that particular property has been removed., do you happen to know how to turn XSS on in 6.1?
I assume that they only removed the property and not XSS protection all together.
I assume that they only removed the property and not XSS protection all together.
jelmer kuperus, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend Beiträge: 1191 Beitrittsdatum: 10.03.10 Neueste Beiträge
why would you want that ?
that property might just as well have been called
hackme=true
that property might just as well have been called
hackme=true
Cee Paxton, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
New Member Beiträge: 3 Beitrittsdatum: 20.01.13 Neueste Beiträge
The question is
It doesn't appear to be on by default. How is it turned on in 6.1z
It doesn't appear to be on by default. How is it turned on in 6.1z
jelmer kuperus, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend Beiträge: 1191 Beitrittsdatum: 10.03.10 Neueste Beiträge
You don't because the very notion of having such a property is retarded
Now why do you think you need to enable this property.
Now why do you think you need to enable this property.
Hitoshi Ozawa, geändert vor 11 Jahren.
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
As is written in the issue, XSS protection should be enable by default. If it's not, can you provide us with a test case?
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.