Tribune

Home » Liferay Portal » English » 3. Development

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
Cee Paxton
XSS protection in Liferay 6.1 GA1
20 gennaio 2013 10.21
Risposta

Cee Paxton

Punteggio: New Member

Messaggi: 3

Data di Iscrizione: 20 gennaio 2013

Messaggi recenti

In prior version of Liferay, XSS protection was enabled by setting the following entry in the portal-ext.properties:

xss.allow=false

In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
Hitoshi Ozawa
RE: XSS protection in Liferay 6.1 GA1
20 gennaio 2013 13.07
Risposta

Hitoshi Ozawa

Punteggio: Liferay Legend

Messaggi: 7949

Data di Iscrizione: 23 marzo 2010

Messaggi recenti

I think you'll right. The last comment in the following issue clearly states it has been removed:

http://issues.liferay.com/browse/LPS-13246
Cee Paxton
RE: XSS protection in Liferay 6.1 GA1
20 gennaio 2013 13.12
Risposta

Cee Paxton

Punteggio: New Member

Messaggi: 3

Data di Iscrizione: 20 gennaio 2013

Messaggi recenti

Even if that particular property has been removed., do you happen to know how to turn XSS on in 6.1?

I assume that they only removed the property and not XSS protection all together.
Jelmer Kuperus
RE: XSS protection in Liferay 6.1 GA1
20 gennaio 2013 13.53
Risposta

Jelmer Kuperus

Punteggio: Liferay Legend

Messaggi: 1192

Data di Iscrizione: 10 marzo 2010

Messaggi recenti

why would you want that ?

that property might just as well have been called

hackme=true
Cee Paxton
RE: XSS protection in Liferay 6.1 GA1
20 gennaio 2013 14.09
Risposta

Cee Paxton

Punteggio: New Member

Messaggi: 3

Data di Iscrizione: 20 gennaio 2013

Messaggi recenti

The question is

It doesn't appear to be on by default. How is it turned on in 6.1z
Jelmer Kuperus
RE: XSS protection in Liferay 6.1 GA1
20 gennaio 2013 23.08
Risposta

Jelmer Kuperus

Punteggio: Liferay Legend

Messaggi: 1192

Data di Iscrizione: 10 marzo 2010

Messaggi recenti

You don't because the very notion of having such a property is retarded

Now why do you think you need to enable this property.
Hitoshi Ozawa
RE: XSS protection in Liferay 6.1 GA1
21 gennaio 2013 3.22
Risposta

Hitoshi Ozawa

Punteggio: Liferay Legend

Messaggi: 7949

Data di Iscrizione: 23 marzo 2010

Messaggi recenti

As is written in the issue, XSS protection should be enable by default. If it's not, can you provide us with a test case?
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.

Participate in the State of Liferay Community 2017. Help the community and even win some prizes!