For this week’s accelerated WebUI release, we’ll be pushing updates to the WebUI Custom app to be better around how it handles custom Fixlets that have script elements inside their descriptions.
Previously, the WebUI would strip out these elements automatically when people edited custom content within the WebUI (arbitrary code execution is bad) but people would miss the warnings in the UI we had about this.
The WebUI will now display a bigger warning and prevent people from editing custom content with scripting elements within the WebUI (we’re working on a safe way to do this). For folks that want to do editing of custom content that have scripting elements, we recommend they stick to using the BES Console for now.
As always, if you guys have particular questions or feedback feel free to poke this thread…
<3 <3 WebUI Team