View Issue Details

IDProjectCategoryView StatusLast Update
15096Feature requests[All Projects] Securitypublic2019-09-18 16:42
ReporterDenisChenu Assigned To 
PrioritynoneSeverityfeature 
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary15096: XSS for super-admin too
Description

Currently XSS settings do 2 things :

  1. Filter XSS
  2. Filter HTML

I like to have a filter HTML when i'm super-admin too.

And filter XSS can be good for super-admin too.

Additional Information

Maybe separation between XSS and Script (for 4.0) can be great too
Default XSS == 1 => XSS on for (! superadmin && !ForcedAdmin)
XSS = 0 : Xss all for all

Add script active settings (start in config.php)

Then we can have
XSS true for : (!ForcedAdmin) or (!superadmin) or (All user)
script true for : (same as XSS (default)) or All user (even with XSS enable) or superadmin (even if XSS for superadmin).

This settings can be accessible only via php file.

TagsNo tags attached.

Activities

DenisChenu

DenisChenu

2019-09-18 16:42

developer   ~53640

Update solution :

  1. XSS true for : (!ForcedAdmin (current default)) or (!superadmin) or (All user (current disable XSS))
  2. script true for : (same as XSS (default)) or All user (even with XSS enable) or superadmin (even if XSS for superadmin).

This settings can be accessible only via php file.

Issue History

Date Modified Username Field Change
2019-08-01 15:06 DenisChenu New Issue
2019-09-18 16:41 DenisChenu Additional Information Updated View Revisions
2019-09-18 16:42 DenisChenu Note Added: 53640