Investigate and implement script tag prevention #519
Labels
Priority: High
This task is high priority and should be tackled soon
Storylines Viewer
Work surrounding the Storylines Viewer that loads individual StoryRAMP products
Comments
szczz
added
Priority: High
szczz
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
During the 12-17 Platform meeting, we decided that we didn't want to remove the ability for tags to be included in text panels, despite the expectation for custom styles to be added from the advanced editor. There are greater benefits to allowing this than there are realistic risks from users choosing to add their styles this way.
However, we shouldn't allow things like scripts tags to be included as this is a security issue.
Investigate whether script tags can be injected in storylines products, and if so we need to implement a fix on the storylines side to properly strip these.
Related issues
ramp4-pcar4/storylines-editor#423
The text was updated successfully, but these errors were encountered: