# Changes for page Release Notes for XWiki 5.2 Milestone 2

Last modified by Thomas Mortagne on 2017/03/24

From version edited by Guillaume Delhumeau on 2013/09/04
To version edited by Thomas Delafosse on 2013/09/04
Change comment: There is no comment for this version

## Details

Page properties
Author
 ... ... @@ -1,1 +1,1 @@ 1 -XWiki.gdelhumeau 1 +XWiki.tdelafosse
Content
 ... ... @@ -40,6 +40,12 @@ 40 40 Now, we force the Compatibility mode for Internet Explorer (IE) browsers to use the latest rendering mode. 41 41 Before, the IE browser displayed all intranet sites in compatibility mode by default. This means that even if the user was using IE9, he saw the content rendered with IE7 standards. Since we don't [[support>>dev:Community.BrowserSupportStrategy]] IE6/7 anymore this lead in displaying broken layout, scrollbars, etc. See [[XWIKI-8907>>http://jira.xwiki.org/browse/XWIKI-8907]]. 42 42 43 +== Choosing which types of attachments can be displayed inline (Security) == 44 + 45 +In order to prevent XSS via FileUpload, a new feature has been added : you can now specify in xwiki.properties which types of attachment can be displayed inline. 46 +In the "Attachment" section of xwiki.properties, you can either precise a whitelist of mimetypes that can be displayed inline, or precise a blacklist of mimetypes that shouldn't be displayed inline (if you use this configuration, it is strongly advised to blacklist at least "text/html" and "text/javascript" mimetypes for security reasons). 47 +Note that attachments provided by PR users won't be affected by these restrictions. 48 + 43 43 == Deprecated and Retired projects == 44 44 45 45
Size
 ... ... @@ -1,1 +1,1 @@ 1 -49.7 KB 1 +47.1 KB
Content
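Review bot: The new "Choosing which types of attachments can be displayed inline (Security)" section (added lines 43-47 of the Content hunk) points administrators at the "Attachment" section of xwiki.properties but leaves out three things. It never names the property keys, it does not say what happens to an attachment whose type is not allowed inline, and it does not say which list applies if both a whitelist and a blacklist are set. Please add the key names and those two behaviours so the setting can be applied from the release notes alone. The exemption on line 47, "attachments provided by PR users won't be affected by these restrictions", is security-relevant: spell out "PR", which the visible text never defines, and state plainly that those attachments are still displayed inline, so the XSS protection depends on who holds that right. Wording: "precise" is used as a verb twice on line 46 where "specify" is meant, "added : you" on line 45 should be "added: you", and "this lead in displaying" in the unchanged context on line 41 should be "this led to displaying".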