Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13987

Admin UI should not rely on javascript eval()

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 8.4
    • Admin UI
    • None

    Description

      Followup from SOLR-13982: currently any CSP is weak because it must allow this eval: means arbitrary javascript can still be executed.

      Let's fix the admin UI to not require eval so it can be disabled by the browser.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            krisden Kevin Risden
            rcmuir Robert Muir
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m

                Slack

                  Issue deployment