Bug #17641
Updated by Nicolas CHARLES over 4 years ago
We can use markdown for Directives and Groups descriptions, to have more friendly descriptions. Notably, scripts are evaluated.

However, it's possible to put a script in this markdown that gets executed when displaying the group or directive details (and is also evaluated in the change request list).

This ticket fixes the issue by using the showdown xss filter to prevent evaluation of javascript in markdown list.
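The failure mode and the kind of fix this ticket describes, as an added example that is neither the project's code nor the showdown XSS filter itself: `renderMarkdown` is a hypothetical stand-in for the markdown renderer, and `sanitizeHtml` is a simplified allowlist output filter written for illustration.

```javascript
// Added example: stand-ins only, not showdown or its XSS filter extension.
const ALLOWED_TAGS = new Set(['p', 'strong', 'em', 'code', 'ul', 'ol', 'li', 'a']);
const SAFE_HREF = /^(https?:|mailto:|\/|#)/i;

const escapeText = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Toy markdown renderer (assumption): like real renderers, it passes raw HTML through.
function renderMarkdown(md) {
  const html = md
    .replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>')
    .replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, '<a href="$2">$1</a>');
  return `<p>${html}</p>`;
}

// Output filter: rebuild allowlisted tags from scratch, escape everything else.
function sanitizeHtml(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let out = '';
  let last = 0;
  for (const m of html.matchAll(tagRe)) {
    out += escapeText(html.slice(last, m.index));
    last = m.index + m[0].length;
    const [raw, closing, name] = m;
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) {
      out += escapeText(raw);          // displayed as text, never parsed as markup
    } else if (closing) {
      out += `</${tag}>`;
    } else if (tag === 'a') {
      const href = /\shref\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(raw) || [];
      const url = (href[1] || href[2] || '').replace(/[\u0000-\u0020]/g, '');
      out += SAFE_HREF.test(url) ? `<a href="${url.replace(/"/g, '&quot;')}">` : '<a>';
    } else {
      out += `<${tag}>`;               // every attribute is dropped
    }
  }
  return out + escapeText(html.slice(last));
}

// What the description view should call instead of the bare renderer.
const renderDescription = (md) => sanitizeHtml(renderMarkdown(md));

// Constructed sample description, not taken from the ticket.
const sample = '**Web servers** <script>alert(1)</script>';
console.log('unfiltered:', renderMarkdown(sample));
console.log('filtered:  ', renderDescription(sample));
```

The same filtered path has to be used on every page that renders the description, including the change request list the ticket mentions.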