View Issue Details

This bug affects 1 person(s).
 6
IDProjectCategoryView StatusLast Update
17714Bug reportsErgonomypublic2023-03-10 12:23
ReporterMazi Assigned Toc_schmitz  
PrioritynoneSeverityminor 
Status confirmedResolutionopen 
Product Version5.2.x 
Summary17714: Improve feature description at Global Settings for "Disable question script for XSS restricted user:"
Description

At Globnal Settings -> Security not only the description for the setting "Disable question script for XSS restricted user:" is difficult to understand, also the help text does not help much: If you disable this option : user with XSS restriction still can add script. This allows user to add cross-site scripting javascript system.

Steps To Reproduce

Steps to reproduce

Go to Global Settings -> Security

Expected result

An easy to understand description of what the feature can be used for

Actual result

Text which is difficult to understand

TagsNo tags attached.
Attached Files
image.png (39,416 bytes)   
image.png (39,416 bytes)   
Bug heat6
Complete LimeSurvey version number (& build)Version 5.2.0+211110
I will donate to the project if issue is resolvedNo
Browser
Database type & versionx
Server OS (if known)
Webserver software & version (if known)
PHP Version8.1

Users monitoring this issue

There are no users monitoring this issue.

Activities

Mazi

Mazi

2021-11-10 21:59

updater   ~67237

@c_schmitz, maybe you can easily improve this?

c_schmitz

c_schmitz

2021-11-10 23:43

administrator   ~67238

Last edited: 2021-11-11 09:43

First @DenisChenu needs to explain what this does, because I still did not understand it.

DenisChenu

DenisChenu

2021-11-11 19:08

developer   ~67259

You can have XSS enabled for simple user
But allow this simple user to create javascript function in the dedicated textarea

Issue History

Date Modified Username Field Change
2021-11-10 21:59 Mazi New Issue
2021-11-10 21:59 Mazi File Added: image.png
2021-11-10 21:59 Mazi Note Added: 67237
2021-11-10 21:59 Mazi Bug heat 0 => 2
2021-11-10 23:43 c_schmitz Note Added: 67238
2021-11-10 23:43 c_schmitz Bug heat 2 => 4
2021-11-11 09:43 galads Assigned To => galads
2021-11-11 09:43 galads Status new => confirmed
2021-11-11 09:43 galads Steps to Reproduce Updated
2021-11-11 09:43 galads Zoho Project Synchronization => |Yes|
2021-11-11 19:08 DenisChenu Note Added: 67259
2021-11-11 19:08 DenisChenu File Added: Capture d’écran du 2021-11-11 19-08-01.png
2021-11-11 19:08 DenisChenu Bug heat 4 => 6
2023-03-10 12:23 Mazi Assigned To galads => c_schmitz