Loading...

XML

Word

Printable

Type: New Feature
Resolution: Done
Priority: Major
Fix Version/s: 10.0.0
Affects Version/s: 9.6.3
Component/s: None
Labels:
- security

Safety specification requirements:
None

User Story

As an application developer, I hope a UI framework works with the safest policy by default, no need developer to enable it manually. But provide a way to disable/override the limit.

Acceptance Criteria

1. Enable InaccessibleWidgetBlockService by default to block disabled or invisible components
2. app developers can disable the default blocking service. (This can be a special case of apply a custom blocking service)
3. app developers can apply their own custom blocking service.

Details

Enable InaccessibleWidgetBlockService to make ZK framework safer by default. There is a rare case that end-users require to click a disabled button.
https://forum.zkoss.org/question/114690/vulnerability-detected-textbox-with-bind-but-disabled-chrome-debugger-opens-backdoor/

Assignee:: jamson
Reporter:: hawk
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 15/Feb/23 10:33 AM
Updated:: 26/Aug/24 7:36 AM
Resolved:: 29/Aug/23 2:01 AM

Details

Description

User Story

Acceptance Criteria

Details

Attachments

Activity

People

Dates