[#QB-1337] It is a security risk that every user can execute arbitrary script by scripting the gadget title and the email field

<< Back to previous view

[QB-1337] It is a security risk that every user can execute arbitrary script by scripting the gadget title and the email field Created: 13/Aug/12 Updated: 13/Aug/12
Status:	Resolved
Project:	QuickBuild
Component/s:	None
Affects Version/s:	4.0.50
Fix Version/s:	4.0.51

Type:

Improvement

Priority:

Critical

Reporter:

Robin Shen

Assigned To:

Unassigned

Resolution:

Fixed

Votes:

Remaining Estimate:

Unknown

Time Spent:

Unknown

Original Estimate:

Unknown

Description

Now a separate permission "Allow script" is added to group. For gadget title and message gadget, the script will only be evaluated if the containing dashboard is created by an user belong to group with such permission. This also holds true for user's email field.

Generated at Thu May 16 20:45:00 UTC 2024 using JIRA 189.

[QB-1337] It is a security risk that every user can execute arbitrary script by scripting the gadget title and the email field Created: 13/Aug/12 Updated: 13/Aug/12

[QB-1337] It is a security risk that every user can execute arbitrary script by scripting the gadget title and the email field
Created: 13/Aug/12 Updated: 13/Aug/12