You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/ROOT/pages/8.4.0-release-notes.adoc
+14Lines changed: 14 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -69,6 +69,20 @@ The {productname} {release-version} release includes an accompanying release of
69
69
70
70
For information on the **<Premium plugin name 1>** plugin, see: xref:<plugincode>.adoc[<Premium plugin name 1>].
71
71
72
+
=== Full Page HTML
73
+
74
+
The {productname} {release-version} release includes an accompanying release of the **Full Page HTML** premium plugin.
75
+
76
+
**Full Page HTML** includes the following fix.
77
+
78
+
==== Pasting an HTML document was vulnerable to XSS attacks on link element href attribute
79
+
// #TINY-13673
80
+
81
+
A cross-site scripting (XSS) vulnerability was discovered in the Full Page HTML plugin. Previously, malicious code within the document `<head>` was able to be executed when pasted.
82
+
83
+
This vulnerability has been patched in {productname} {release-version} by ensuring that content in the document `<head>` is properly encoded.
84
+
85
+
For information on the **Full Page HTML** plugin, see: xref:fullpagehtml.adoc[Full Page HTML].
0 commit comments