This issue has been created
There is 1 update.
 
 
XWiki Platform / XWIKI-22798 Open

The code macro is missing a required rights analyzer

 
 

Issue created

 
Michael Hamann created this issue on 20/Jan/25 16:16
 
Summary: The code macro is missing a required rights analyzer
Issue Type: Bug
Affects Versions: 15.9-rc-1
Assignee: Unassigned
Components: Rendering - Code Macro
Created: 20/Jan/25 16:16
Priority: Major
Reporter: Michael Hamann
Description:

Steps to reproduce:

  1. As a user without script right, save a page with a code macro with a script reference like
    {{code source="script:doc"/}}
  2. As a user with script macro, try editing the page.

Expected result:

There is a warning regarding the script right that will be granted to the code macro.

Actual result:

There isn't any warning.

I don't see how this could have a security impact as the code macro doesn't execute the displayed content and there shouldn't be any variables in the script context that contain sensitive data.

 
 

1 update

 
Changes by Michael Hamann on 20/Jan/25 16:16
 
Assignee: Michael Hamann