Content
View differences
Updated by Oliver Günther over 1 year ago
### Before filing a report
_Before you file a report, please ensure you are running the latest version of OpenProject and_
_have searched for similar bug reports._
### Steps to reproduce
1. Login as a user with permissions to manage members in project Operations
2. Go to the daily reports wiki
3. Click HTML report link
### What is the buggy behavior?
* The link opens the HTML document as raw text in a new tab as shown.
<br>
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/231018/content">
### What is the expected behavior?
* 1. The links are treated as downloaded links, so the would cause an HTML page is downloaded and can be opened by the user.
* Reasoning: If you have custom reports, you would like people document to be able to view the HTML. For security reasons, OpenProject does not inline render HTML files in the domain of the application, a new tab as this is a common attack surface for XSS, CSRF, Open Redirect vulnerabilities
<br>
shown.
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/231021/content">
### Important note
_Please note that unless you are a contributor to OpenProject, you can no longer edit this bug report after saving. You can still add new comments, new images and upload attachments though, but updating description or modifying fields will not be possible after saving. Please make sure that all necessary information and attachments are added, and the following attributes are set:_
### **Logs**
I have not looked at the logs.
### Screenshots and other files
I attached the relevant screen shots showing the before and after behavior. behavior.
### Environment information
* **Current Install (when the issue was introduced):**
* Docker-compose install version 14.6.2
* **Previous Install (when the issue was absent):**
* Docker-compose install version 14.4.x
**Browser**
* [x] Chrome
* [ ] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
**Operating System**
* [x] Linux (Ubuntu 22.04 LTS)
**Language**
_English_
_Before you file a report, please ensure you are running the latest version of OpenProject and_
_have searched for similar bug reports._
### Steps to reproduce
1. Login as a user with permissions to manage members in project Operations
2. Go to the daily reports wiki
3. Click HTML report link
### What is the buggy behavior?
* The link opens the HTML document as raw text in a new tab as shown.
<br>
### What is the expected behavior?
*
* Reasoning: If you have custom reports, you would like people
<br>
### Important note
_Please note that unless you are a contributor to OpenProject, you can no longer edit this bug report after saving. You can still add new comments, new images and upload attachments though, but updating description or modifying fields will not be possible after saving. Please make sure that all necessary information and attachments are added, and the following attributes are set:_
### **Logs**
I have not looked at the logs.
### Screenshots and other files
I attached the relevant screen shots showing the before and after behavior.
### Environment information
* **Current Install (when the issue was introduced):**
* Docker-compose install version 14.6.2
* **Previous Install (when the issue was absent):**
* Docker-compose install version 14.4.x
**Browser**
* [x] Chrome
* [ ] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
**Operating System**
* [x] Linux (Ubuntu 22.04 LTS)
**Language**
_English_