Make custom field description and options rendering consistent for OnDemand and BTF

2013-08-22T04:55:59
ID ATLASSIAN:JRASERVER-34440
Type atlassian
Reporter bayers
Modified 2018-02-08T06:53:02

Description

{panel:bgColor=#e7f4fa} NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-34440]. {panel}

JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on OnDemand.

  • On OnDemand, custom field descriptions are wiki markup, but on BTF they're HTML.
  • On OnDemand, custom field options (e.g. for checkbox) are plain text, but on BTF they're HTML.

I propose we make BTF behave the same as OnDemand. The rational is:

  • The differing behaviour introduces development and support costs, and makes it more difficult for users transitioning BTF ⇿ OnDemand.
  • Supporting HTML enables XSS attacks.
  • Supporting HTML for options causes problems for other features, e.g. charts (see attachment)