NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-08 08:38:16 -06:00
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Issue #16934: Escape config-revision banner values by default

Browse Source 
- Default to HTML-escaping banner values before displaying them
- Also default to escaping banner values in config form previews
- Escape names of dependent objects displayed when deleting parents
This commit is contained in:
Jeff Gehlbach 2024-07-18 17:32:38 -04:00
parent 954d0cfcd0
commit 7ab0345450
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/configuration/security.md
View File

@ -120,6 +120,17 @@ DEFAULT_PERMISSIONS = {
---
## ESCAPE_BANNERS
Default: True
When disabled, banners will be displayed without first being HTML escaped for safety.
!!! info "Changed in NetBox v4.0.8"
Prior to NetBox v4.0.8, this setting was disabled by default.
---
## EXEMPT_VIEW_PERMISSIONS
Default: Empty list