Enhancement
It should be possible to hide the "Select Server Script" button in the Script Recorder GUI via application configuration. Background of the request are so called "hacker tests" at the customer, which showed that with this functionality it is possible to browse through the whole content of the webapp directory.
Implementation
{{#!xml <application xmlns:config="http://www.top-logic.com/ns/config/6.0">
<configs>
<config config:interface="com.top_logic.layout.scripting.template.gui.ScriptingGuiConfig"
show-server-script-selector="false"
/>
</configs>
</application> }}
Test
- Set the configuration to false.
- Check that in the ScriptingGui the "Select server script" button is not displayed.
- Check that the ScriptingGui does not display the Save button.
- Set the configuration to true.
- Check that both buttons are displayed.
Screenshots