Persisted XSS protection

Issue description

Check the occurrences of datatypes string and wiki-markup cannot be abused for persisted cross site scripting. Ensure that it is not possible to create values that redirect control to a malicious individual during revisiting the input data in the fact sheet or in a service rendering.

Developer comments

With [8285, the introduction of a Content-Security-Policy] this issue was resolved as well.

Reporting date

2019-10-25

Reported by

Robert Cerny

Resolving date

2022-09-07

Resolved by

Robert Cerny

Resolved in version

Topincs 9.2.0

Part of

XSS protection(Enhancement)

Related to

Harden content security policy(Enhancement)

Work sessions

8772