How to disable opening HTML pages without downloading the entire file
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article covers steps to configure Bamboo to open an HTML page without downloading the entire file.
Environment
All supported versions of Bamboo.
Solution
This option can be enabled in Bamboo under Bamboo Administration >> Security Settings >> Allow artifacts to be embedded in Bamboo pages > "This is helpful but creates an XSS vulnerability that could be exploited by malicious users".
Be aware of the Cross-Site-Scripting vulnerabilities if enabled:
"Bamboo will serve HTML artifacts as HTML pages, which will allow users to render them in their browsers. This is helpful but creates an XSS vulnerability that could be exploited by malicious users."