Cross-Site Scripting (XSS):
The big item for this release is that we changed the way Servoy displays and executes HTML with JavaScript for the webclient and ngclient. See these 2 wiki pages for settings and useful info:
https://wiki.servoy.com/pages/viewpage.action?pageId=23397000
https://wiki.servoy.com/display/DOCS/Security+

Cross-Site Scripting
Admin page security settings

By default, Servoy will now not allow JavaScript or other dangerous HTML to be inserted as-is into labels or HTML areas.
It will sanitize (strip) that from the HTML. You can override this setting on various levels. The best way is to do it on element level; try to avoid setting it on solution level or for all solutions (through the admin page setting),
because then you really need to be sure that all data you show in HTML areas or labels comes from trusted sources (like pure design-time values) and not from data.
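
For an element where sanitizing has been switched off, the sketch below keeps the markup design-time only and HTML-encodes every data value before it is merged in. It is an added example, not Servoy code or Servoy API: `escapeHtml`, `renderTrustedTemplate`, the `{{name}}` placeholder syntax and the sample record are all hypothetical.

```javascript
// Added example: plain JavaScript, not Servoy API. All names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a data value so it renders as text, never as markup.
// Covers element text and quoted attribute values only; it does not make a
// value safe inside href/src URLs, style attributes or script blocks.
function escapeHtml(value) {
  const text = value === null || value === undefined ? '' : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fill {{name}} placeholders in a design-time template with escaped values.
// The template is the only source of markup. A placeholder without a value
// throws, so a typo cannot silently fall back to unescaped output.
function renderTrustedTemplate(template, values) {
  return template.replace(/\{\{(\w+)\}\}/g, (match, key) => {
    if (!Object.prototype.hasOwnProperty.call(values, key)) {
      throw new Error('no value for placeholder ' + key);
    }
    return escapeHtml(values[key]);
  });
}

// Constructed sample: design-time markup plus a record whose fields carry
// markup that must not reach the browser as HTML.
const LABEL_TEMPLATE =
  '<html><b>{{name}}</b> <span title="{{note}}">(note)</span></html>';
const SAMPLE_RECORD = {
  name: 'Acme <script>alert(1)</script>',
  note: '" onmouseover="alert(2)'
};

function renderSample() {
  return renderTrustedTemplate(LABEL_TEMPLATE, SAMPLE_RECORD);
}
```
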

...