Expected Behavior of HTML Tags in Jama Software®

Amanda Jennewein

In November 2015, Jama Software made a security change required to protect our customers in both the Cloud and the self-hosted environments. With this change, we switched from a blocklist for attachment types to an allowlist (you can read more information here). The allowlist defines a list of valid HTML values that the system can render. As a result, Jama Software will not render any text that appears to be HTML unless it is included in the approved allowlist.

We recognize that this setting has caused some confusion about how the application manages HTML tags, so we want to define clear guidelines on how the application manages this information. This guidance specifically affects the following plain-text fields:

  • Predefined or custom text boxes
  • Test steps, regardless of item type

Based on these changes, in plain text fields, users should expect to see the following behavior:


Test Step - Plain Text

| Add | Saved | View | Open to Edit | Saved | View |
| --- | --- | --- | --- | --- | --- |
| `hello <world hello` | `hello` | `hello` | `hello <world hello` | `hello <world hello` | `hello` |
| `hello <world> hello` | `hello hello` | `hello hello` | `hello <world> hello` | `hello <world> hello` | `hello hello` |
| `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` |
| `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` |
| `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` |

Predefined Text Boxes and Custom Text Boxes - Plain Text

| Add | Saved | View | Open to Edit | Saved | View |
| --- | --- | --- | --- | --- | --- |
| `hello <world hello` | `hello <world hello` | `hello` | `hello <world hello` | `hello <world hello` | `hello` |
| `hello <world> hello` | `hello <world> hello` | `hello hello` | `hello <world> hello` | `hello <world> hello` | `hello hello` |
| `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` | `hello < world hello` |
| `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` | `hello <1world hello` |
| `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` | `hello <= world hello` |

Test Steps and Text Boxes when HTML Tag Security Cleaner is enabled

| Add | Saved | View | Open to Edit | Saved | View |
| --- | --- | --- | --- | --- | --- |
| `hello <world hello` | `hello` | `hello` | `hello <world hello` | `hello` | `hello` |
| `hello <world> hello` | `hello hello` | `hello hello` | `hello <world> hello` | `hello hello` | `hello hello` |

Updating Plain Text to Rich Text

Switching a field from plain text to Rich Text does not change any values that are in the database; the system renders the values the same way as before. Editing opens the field with the Rich Text Editor enabled. The editor cleans out anything it determines to be bad HTML. Editing and saving changes results in a new version without any bracketed text.

| Saved | View | Open to Edit | Edit | Saved |
| --- | --- | --- | --- | --- |
| `hello <world hello` | `hello` | `hello` | `hello <world hello` | `hello &lt;world hello` |
| `hello <world> hello` | `hello hello` | `hello hello` | `hello <world> hello` | `hello &lt;world&gt; hello` |
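
The pattern in the tables above matches the HTML parsing rule that `<` starts a tag only when a letter follows it, so `<world` is treated as markup while `< world`, `<1world` and `<= world` are ordinary text. The following Python sketch is an added example, not Jama Software's code: it models an allowlist cleaner next to plain escaping, which yields the `&lt;world&gt;` values in the last table. The `ALLOWED_TAGS` contents and the function names are assumptions made for illustration.

```python
import html
import re

# Assumed allowlist for illustration; the article does not list Jama's allowed tags.
ALLOWED_TAGS = frozenset({"b", "i", "u", "p", "br"})

# HTML tokenizer rule: "<" opens a tag only when followed by an ASCII letter
# (optionally after "/"). "< world", "<1world" and "<= world" stay plain text.
TAG_OPEN = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)")

def sanitize(text, allowed=ALLOWED_TAGS):
    """Return HTML in which only bare allowlisted tags survive."""
    out, pos = [], 0
    while (m := TAG_OPEN.search(text, pos)) is not None:
        out.append(html.escape(text[pos:m.start()], quote=False))
        close = text.find(">", m.end())
        if close == -1:
            # Unclosed tag: everything to the end is tag content and is dropped,
            # which is why "hello <world hello" displays as just "hello".
            pos = len(text)
            break
        if m.group(2).lower() in allowed:
            # Re-emit the tag without attributes so no handler or URL survives.
            out.append(f"<{m.group(1)}{m.group(2).lower()}>")
        pos = close + 1
    out.append(html.escape(text[pos:], quote=False))
    return "".join(out)

def escape_plain(text):
    """Alternative for plain-text fields: keep every character, neutralise markup."""
    return html.escape(text, quote=False)

# Inputs taken from the article's tables, plus one constructed allowlisted case.
SAMPLES = [
    "hello <world hello",
    "hello <world> hello",
    "hello < world hello",
    "hello <1world hello",
    "hello <= world hello",
    "hello <b onclick=x>world</b> hello",  # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} sanitize={sanitize(s)!r:32} escape={escape_plain(s)!r}")
```

A browser collapses the leftover whitespace, so `sanitize` output such as `hello  hello` displays as `hello hello`, as in the View columns.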


We hope this has been helpful. Please leave any questions or comments below.
