Last modified by Thomas Mortagne on 2017/03/24
<
From version < 26.3 >
edited by Vincent Massol
on 2013/09/09
To version < 26.4 >
edited by Vincent Massol
on 2013/09/09
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -86,7 +86,7 @@
86 86  
87 87  In order to prevent XSS via FileUpload, a new feature has been added : you can now specify in xwiki.properties which types of attachment can be displayed inline.
88 88  In the "Attachment" section of xwiki.properties, you can either precise a whitelist of mimetypes that can be displayed inline, or precise a blacklist of mimetypes that shouldn't be displayed inline (if you use this configuration, it is strongly advised to blacklist at least "text/html" and "text/javascript" mimetypes for security reasons).
89 -Note that attachments provided by PR users won't be affected by these restrictions.
89 +Note that attachments provided by users having Programming Rights won't be affected by these restrictions.
90 90  
91 91  == Deprecated and Retired projects ==
92 92  

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected