A user with permission to push code to repository may edit build spec to publish html report containing malicious javascript code or links, and other users accessing that report will be subject to XSS attack.
To solve the issue, the html report publish ability will be removed.
A user with permission to push code to repository may edit build spec to publish html report containing malicious javascript code or links, and other users accessing that report will be subject to XSS attack.
To solve the issue, the html report publish ability will be removed.