BugzillaJS icon indicating copy to clipboard operation
BugzillaJS copied to clipboard
verified publisher icon gkoberger

Disable inline images on security bugs

Open rik opened this issue 12 years ago • 5 comments

Because those bugs can contain dangerous images.

rik avatar Jun 21 '13 19:06 rik

Oh please god.

albill avatar Jun 22 '13 20:06 albill

@globau I used the class bz_group_websites-security to check for this but it seems a bit specific. Do you know another way to detect all security bugs?

rik avatar Aug 20 '13 07:08 rik

indeed, bz_group_websites-security isn't sufficient. check the body element for any classes which start with bz_group_

globau avatar Aug 20 '13 08:08 globau

Wouldn't that also include private bugs like MoCo internal?

rik avatar Aug 20 '13 08:08 rik

yes, it'll catch all non-public bugs. bugzilla doesn't care if a group is used for "security issues" or any other reason. looking at the groups we have defined, it looks like looking for bz_group__security_ should be ok, with the only current exception to that rule being "infrasec".

globau avatar Aug 20 '13 08:08 globau