Expected Behavior of HTML Tags in Jama Software

By Jess posted 09-26-2017 12:47

  

In November of 2015, Jama Software made a security change required to protect our customers both in the cloud environment and on-premises. With this change, we switched from a blacklist for attachment types to a whitelist (you can read more information here). The whitelist defines a list of valid HTML values that the system can render. As a result, Jama Software will not render any text that appears to be HTML and is not included in the approved whitelist.

We have recognized that, with this setting, there is some confusion around how we manage HTML tags in the application. As a result, we wanted to define clear guidelines on how the application manages this information. This guidance specifically affects the following plain-text fields:

  • Predefined or custom text boxes
  • Test steps, regardless of item type

Based on these changes, in plain text fields, users should expect to see the following behavior:


Test Step - Plain Text

| Add | Saved | View | Open to Edit | Saved | View |
|---|---|---|---|---|---|
| hello <world hello | hello | hello | hello <world hello | hello <world hello | hello |
| hello <world> hello | hello hello | hello hello | hello <world> hello | hello <world> hello | hello hello |
| hello < world hello | hello < world hello | hello < world hello | hello < world hello | hello < world hello | hello < world hello |
| hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello |
| hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello |


Predefined Text Boxes and Custom Text Boxes - Plain Text

| Add | Saved | View | Open to Edit | Saved | View |
|---|---|---|---|---|---|
| hello <world hello | hello <world hello | hello | hello <world hello | hello <world hello | hello |
| hello <world> hello | hello <world> hello | hello hello | hello <world> hello | hello <world> hello | hello hello |
| hello < world hello | hello < world hello | hello < world hello | hello < world hello | hello < world hello | hello < world hello |
| hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello | hello <1world hello |
| hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello | hello <= world hello |


Test Steps and Text Boxes when HTML Tag Security Cleaner is enabled

| Add | Saved | View | Open to Edit | Saved | View |
|---|---|---|---|---|---|
| hello <world hello | hello | hello | hello <world hello | hello | hello |
| hello <world> hello | hello hello | hello hello | hello <world> hello | hello hello | hello hello |


Updating Plain Text to Rich Text

Switching a field from plain text to rich text does not change any values that are in the database; the system will render the values the same way as before. Editing opens the field with the rich text editor enabled. The editor will clean out anything it determines to be bad HTML. Editing and saving changes will result in a new version without any bracketed text.

| Saved | View | Open to Edit | Edit | Saved |
|---|---|---|---|---|
| hello <world hello | hello | hello | hello <world hello | hello &lt;world hello |
| hello <world> hello | hello hello | hello hello | hello <world> hello | hello &lt;world&gt; hello |
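
The sample strings above differ only in the character that follows "<". The following added example (not Jama Software code; the function names are hypothetical) models the View column under the assumption that the renderer follows the HTML tokenizer rule for where a tag begins and that a tag ends at the first ">". It also shows the output escaping that produces the "&lt;" form seen after a rich text save.

```javascript
// Added illustration, not Jama Software code. Function names are hypothetical.

// Constructed sample inputs: the five strings used in the tables on this page.
const SAMPLES = [
  "hello <world hello",
  "hello <world> hello",
  "hello < world hello",
  "hello <1world hello",
  "hello <= world hello",
];

// HTML tokenizer rule: "<" opens a tag only when the next character is an
// ASCII letter (or "/" followed by one). "< ", "<1" and "<=" stay text.
function startsTag(text, i) {
  return /^<\/?[A-Za-z]/.test(text.slice(i, i + 3));
}

// Model of the View column when no tag in the text is on the allow-list:
// returns the text a reader sees, not markup that is safe to emit.
function visibleText(text) {
  let out = "";
  let i = 0;
  while (i < text.length) {
    if (!startsTag(text, i)) {
      out += text[i++];
      continue;
    }
    // A tag runs to the next ">"; an unterminated tag swallows the rest.
    const end = text.indexOf(">", i);
    i = end === -1 ? text.length : end + 1;
  }
  // Browsers collapse runs of whitespace when displaying text.
  return out.replace(/\s+/g, " ").trim();
}

// Escaping on output keeps the author's characters visible instead of
// letting them parse as markup (the "&lt;" form in the rich text table).
function escapeForDisplay(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;" };
  return text.replace(/[&<>]/g, (c) => entities[c]);
}

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(visibleText(s)),
    "| escaped:", escapeForDisplay(s));
}
```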


We hope this has been helpful. Please leave any questions or comments below.

