Support #13551
[SCP ID :##6715##] : IOS: Copy & Paste issue
Status: | Work Completed-End life cycle | Start date: | July 04, 2023 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | Siti Balqis Othman | % Done: | 100% | |
Category: | IBAM | Spent time: | - | |
Target version: | - |
Description
Hi Balqis,
Kindly attend below request.
We notice that currently system are allowed copy & paste when customer access agronet/agronetBIZ using IOS. Sample screen as below. Please help to check and provide us necessary fixes to disallow copy & paste as this can exposed to vulnerabilities and can be abused to execute cross-site scripting (XSS) attacks and data exfiltration.
Thank you.
History
#1 Updated by Siti Balqis Othman about 1 year ago
- Status changed from New - Begin Life Cycle to System Integration Test
- % Done changed from 0 to 100
Finding:
The current AGRONet/ AGRONetBIZ behavior will allow users to select any content on the website and perform a copy.
Solution:
To disable this function. Penril does enhancement on current CSS to add a method to disable the ability for users to select text or interact with elements through mouse or keyboard action.
Impact analysis:
Customer will not be able to do any select action to any content at AGRONet and AGRONetBIZ.
The patch already deployed to SIT environment for Bank to verify.
#2 Updated by Siti Balqis Othman 12 months ago
- Status changed from System Integration Test to Work Completed-End life cycle
Complete deploy to production on 29/09/2023.