...
Access to web pages is based on repository permissions. Users need at least read access to the repository to view web pages in Bitbucket. For security reasons, by default, pages are unavailable for branches or tags in personal repositories. But in the plugin settings, you can configure which groups can enable pages in personal repositories.
| Table of Contents | ||||
|---|---|---|---|---|
|
XSS Attacks
We've added an option to disable JavaScript on rendered pages to reduce the risk of allowing potentially malicious content in git repositories. You can disable JavaScript either on a global level or a repository level.
Another method for reducing the risk of XSS vulnerability is to configure an external domain.