留言板
XSS protection in Liferay 6.1 GA1
In prior version of Liferay, XSS protection was enabled by setting the following entry in the portal-ext.properties:
xss.allow=false
In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
xss.allow=false
In 6.1, it looks like this has been removed as a overriden property in portal-ext. How is it toggled on and off in 6.1? Is it on by default?
Hitoshi Ozawa,修改在11 年前。
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend 帖子: 7942 加入日期: 10-3-24 最近的帖子
I think you'll right. The last comment in the following issue clearly states it has been removed:
http://issues.liferay.com/browse/LPS-13246
http://issues.liferay.com/browse/LPS-13246
Even if that particular property has been removed., do you happen to know how to turn XSS on in 6.1?
I assume that they only removed the property and not XSS protection all together.
I assume that they only removed the property and not XSS protection all together.
jelmer kuperus,修改在11 年前。
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend 帖子: 1191 加入日期: 10-3-10 最近的帖子
why would you want that ?
that property might just as well have been called
hackme=true
that property might just as well have been called
hackme=true
The question is
It doesn't appear to be on by default. How is it turned on in 6.1z
It doesn't appear to be on by default. How is it turned on in 6.1z
jelmer kuperus,修改在11 年前。
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend 帖子: 1191 加入日期: 10-3-10 最近的帖子
You don't because the very notion of having such a property is retarded
Now why do you think you need to enable this property.
Now why do you think you need to enable this property.
Hitoshi Ozawa,修改在11 年前。
RE: XSS protection in Liferay 6.1 GA1
Liferay Legend 帖子: 7942 加入日期: 10-3-24 最近的帖子
As is written in the issue, XSS protection should be enable by default. If it's not, can you provide us with a test case?
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.
Also, there have been some security patches in 6.1.0GA1. Please check if XSS protection is enabled in liferay 6.1.1 GA2.