You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/infrastructure_and_maintenance/security/security_checklist.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -147,9 +147,9 @@ Reduce your attack surface by exposing only what you must.
147
147
### Limit access to Code blocks
148
148
149
149
The [Code block]([[= user_doc =]]/content_management/block_reference/#code-block) in Page Builder is designed to accept any HTML, which includes embedded JavaScript.
150
-
This means that malicious JS including [cross site scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting) is necessarily possible for editors that have access to Code blocks.
151
-
As site administrator you should be aware of this when giving editors access to the Page Builder features, and limit that access only to highly trusted editors.
152
-
It is possible to [limit access to specific blocks per content type]([[= user_doc =]]/content_management/configure_ct_field_settings/#default-configuration-of-pages), where you can define which page blocks are available to an editor.
150
+
This means that editors who have access to Code blocks could add malicious JS including [cross site scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting).
151
+
As site administrator, be aware of this when giving editors access to the Page Builder features, and limit that access only to trusted editors.
152
+
You can [limit access to specific blocks per content type]([[= user_doc =]]/content_management/configure_ct_field_settings/#default-configuration-of-pages) by defining which page blocks are available to editors.
0 commit comments