How to disable opening HTML pages without downloading the entire file

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This article covers steps to configure Bamboo to open an HTML page without downloading the entire file.

Environment

All supported versions of Bamboo.

Solution

This option can be enabled in Bamboo under Bamboo Administration >> Security Settings >> Allow artifacts to be embedded in Bamboo pages > "This is helpful but creates an XSS vulnerability that could be exploited by malicious users".

Be aware of the Cross-Site-Scripting vulnerabilities if enabled:

"Bamboo will serve HTML artifacts as HTML pages, which will allow users to render them in their browsers. This is helpful but creates an XSS vulnerability that could be exploited by malicious users."

Last modified on Nov 16, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.