Last modified by Thomas Mortagne on 2017/03/24

<
From version < 61.1 >
edited by Vincent Massol
on 2013/09/27
To version < 61.3 >
edited by Vincent Massol
on 2014/05/05
>
Change comment: styling

Summary

Details

Page properties
Content
... ... @@ -129,8 +129,9 @@
129 129  
130 130  == Choosing which types of attachments can be displayed inline (Security) ==
131 131  
132 -In order to prevent XSS via FileUpload, a new feature has been added : you can now specify in xwiki.properties which types of attachment can be displayed inline.
133 -In the "Attachment" section of xwiki.properties, you can either precise a whitelist of mimetypes that can be displayed inline, or precise a blacklist of mimetypes that shouldn't be displayed inline (if you use this configuration, it is strongly advised to blacklist at least "text/html" and "text/javascript" mimetypes for security reasons).
132 +In order to prevent XSS via FileUpload, a new feature has been added: you can now specify in ##xwiki.properties## which types of attachment can be displayed inline.
133 +In the "Attachment" section of ##xwiki.properties##, you can either precise a whitelist of mimetypes that can be displayed inline, or precise a blacklist of mimetypes that shouldn't be displayed inline (if you use this configuration, it is strongly advised to blacklist at least ##text/html## and ##text/javascript## mimetypes for security reasons).
134 +
134 134  Note that attachments provided by users having Programming Rights won't be affected by these restrictions.
135 135  
136 136  == Miscellaneous ==
... ... @@ -163,11 +163,9 @@
163 163  
164 164  == General Notes ==
165 165  
166 -You may also want to [[import the default wiki XAR>>Main.Download]] in order to benefit from all the improvements listed above.
167 +== General Notes ==
167 167  
168 -{{warning}}
169 -Always make sure you compare your ##xwiki.cfg## and ##xwiki.properties## files with the newest version since some configuration parameters were added. Note that you should add ##xwiki.store.migration=1## so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.
170 -{{/warning}}
169 +When upgrading make sure you compare your ##xwiki.cfg##, ##xwiki.properties## and ##web.xml## files with the newest version since some configuration parameters may have been modified or added. Note that you should add ##xwiki.store.migration=1## so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.
171 171  
172 172  == Issues specific to XWiki 5.2 Milestone 2 ==
173 173  

Get Connected