AnsweredAssumed Answered

Alfresco and cross-site attack

Question asked by warrenzhai on Apr 9, 2007
Latest reply on Apr 16, 2007 by rdanner
I am able to upload the following HTML document in Alfresco which may contain some malicious Javascript:

<html>
   <head>
   </head>

   <body>
      <script type="text/javascript">
         alert("You have been XSS attacked!");
      </script>
   </body>
</html>

Users who view this HTML document may inadvertently execute malicious JavaScript code in the background.  I am wondering what can be done to prevent this in Alfresco (1.3).

Outcomes