[ https://issues.apache.org/jira/browse/CMIS-943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709092#comment-14709092 ]
Florian Müller commented on CMIS-943:
-------------------------------------

repository.jsp is sample code and never used in a productive system. It references jQuery from a CDN, which should be ok for sample code. Please check your scan results before opening irrelevant issues.

> Hardcoded Domain in HTML in repository.jsp
> ------------------------------------------
>
> Key: CMIS-943
> URL: https://issues.apache.org/jira/browse/CMIS-943
> Project: Chemistry
> Issue Type: Bug
> Components: opencmis-client
> Affects Versions: OpenCMIS 0.13.0
> Reporter: Donald Kwakkel
>
> The file repository.jsp references a script using a hardcoded domain name on
> line 27. If attackers compromise the domain, they will have malicious code on
> this page.
> Recommendation:
> Keep control over the code your web pages invoke. Do not include scripts or
> other artifacts from third-party sites.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)