[MGNLEE-828] Compromised JS files only checked if they are zipped Created: 12/Sep/23 Updated: 21/Nov/23 Resolved: 13/Nov/23 |
|
| Status: | Closed |
| Project: | Magnolia DX Core |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.2.41 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Carlos Cantalapiedra | Assignee: | ricardo gonzalez |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 1.5h | ||
| Time Spent: | 5.5h | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Template: |
|
||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||
| Task DoD: |
[X]*
Doc/release notes changes? Comment present?
[X]*
Downstream builds green?
[X]*
Solution information and context easily available?
[X]*
Tests
[X]*
FixVersion filled and not yet released
[X] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||
| Epic Link: | AuthorX Support | ||||||||||||||||||||
| Team: | |||||||||||||||||||||
| Work Started: | |||||||||||||||||||||
| Approved: |
Yes
|
||||||||||||||||||||
| Description |
| Comments |
| Comment by Dominik Maslanka [ 12/Oct/23 ] |
|
DAM is not intended for storing JS code. Instead, ResourceApp provides a convenient method for modifying files for the light modules. Typically, JS files can be managed there, for example: https://demoauthor.magnolia-cms.com/.magnolia/admincentral#app:resources:browser more about it here: https://docs.magnolia-cms.com/product-docs/6.2/Developing/Resources.html |
| Comment by Jan Haderka [ 16/Oct/23 ] |
In which case DAM should actively disallow for the JS file to be uploaded in a first place. |