How to disable opening HTML pages without downloading the entire file
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
This article covers steps to configure Bamboo to open an HTML page without downloading the entire file.
環境
All supported versions of Bamboo.
ソリューション
This option can be enabled in Bamboo under Bamboo Administration >> Security Settings >> Allow artifacts to be embedded in Bamboo pages > "This is helpful but creates an XSS vulnerability that could be exploited by malicious users".
Be aware of the Cross-Site-Scripting vulnerabilities if enabled:
"Bamboo will serve HTML artifacts as HTML pages, which will allow users to render them in their browsers. This is helpful but creates an XSS vulnerability that could be exploited by malicious users."