View Issue Details

This bug affects 1 person(s).
ID: 20316
Project: Feature requests
Category: Other
View Status: public
Last Update: 2025-10-22 16:35
Reporter: DenisChenu
Assigned To:
Priority: none
Severity: feature
Status: new
Resolution: open
Summary: 20316: XSS for superadmin too
Description
  1. Some users want XSS for superadmin too. Then the automatic control system stays green.
  2. XSS on question text fixes HTML and some superadmins need it
  3. We have a script textarea now: allowing XSS is less needed
Additional Information

In my opinion: only a config.php update. Cannot be updated by GUI.

  1. 1st setting: xss_forced_for_all: forced XSS for all, superadmin included. Show XSS settings disabled, and a help showing it's enabled for superadmin too. Default false.
  2. 2nd setting: script_for_superadmin: only used if xss_forced_for_all is activated. Default true (?) (update help of Show script too)
Tags: No tags attached.
Bug heat: 4
Story point estimate: 0
Users affected %: 10

Activities

DenisChenu

2025-10-22 11:27

developer   ~83636

@tibor.pacalat: same as some other feature requests.
I have a prospect; if the quote is OK, I take it.

The alternative is to create a plugin, but

  1. I think it can be interesting for all
  2. Less difficult to integrate in core (less code)
  3. Integrating in core allows updating GUI settings

tibor.pacalat

2025-10-22 16:33

administrator   ~83650

From Carsten:
I don't think it should be implemented that way, but instead a user permission should be created for this.

DenisChenu

2025-10-22 16:35

developer   ~83651

From global settings to User Permission?
Leaving global settings for the default value?

BUT we still have the same issue for superadmin!

Issue History

Date Modified | Username | Field | Change
2025-10-22 11:24 | DenisChenu | New Issue |
2025-10-22 11:27 | DenisChenu | Note Added: 83636 |
2025-10-22 11:27 | DenisChenu | Bug heat | 0 => 2
2025-10-22 11:27 | DenisChenu | Additional Information Updated |
2025-10-22 16:33 | tibor.pacalat | Note Added: 83650 |
2025-10-22 16:33 | tibor.pacalat | Bug heat | 2 => 4
2025-10-22 16:35 | DenisChenu | Note Added: 83651 |