Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-116514

Add a configuration option to allow disabling the ability to create new Freemarker Fragments in a System

    Details

      Description

      Intro/Context:

      Liferay provides site administrators the ability to create custom Fragments which use freemarker to produce dynamic HTML. However in some contexts it's not desired to enable this possibility since it provides too much power and possibilities of impacting the system through bad template code. For sensitive systems, it might be preferable to disable the usage of freemarker and reduce the flexibility in exchange for higher system safety.

      The goal of this story is to provide a configuration option, which allows System Administrators to completely disable creation the execution of freemarker for fragments for the whole system (all of its virtual instances). When Freemarker fragments are disabled, it should not be possible to execute the freemarker code on fragments other than OOTB fragments or system fragments.

      -

      Given system administrator disables freemakers for fragments

      -

      When a page creator creates a new Fragment

      Then the freemarker MUST NOT be executed

      -

      When system administrator deploys a Zip containing a fragment with freemaker at system level

      Then the freemarker MUST be executed

      -

      When a Page Creator copies a OOTB fragment that uses a Freemarker 

      Then the freemarker code MUST NOT be executed.

      Test Scenarios

      Test Scenarios Test Strategy Kind of test Is it covered by FrontEnd ? (JS-Unit) Is it covered by BackEnd ? (unit or integration) Could it be covered by POSHI?
      The freemarker in new fragment created in portal is not executed when disable freemarker Critical Manual No Yes Yes
      The freemarker in imported fragment is not executed when disable freemarker High Manual No Yes Yes
      The freemarker in a copy of contributed fragment is not executed when disable freemarker High Manual No Yes Yes
      The freemarker in contributed fragment is still executed when disable freemarker High Manual No Yes Yes

        Attachments

          Activity

            People

            Assignee:
            manoel.cyreno Manoel Cyreno
            Reporter:
            jorge.ferrer Jorge Ferrer
            Engineering Assignee:
            Pavel Savinov (Inactive)
            Recent user:
            Kiyoshi Lee
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                Master