Articles tagged #javascript


UMB.FYI
2026-02-04

📰 Mitigating CVE-2025-67288 in Umbraco 13 (if you feel you need to)

Jason Elkin critiques CVE-2025-67288, arguing it misrepresents Umbraco's security regarding PDF uploads with embedded JavaScript. He asserts that Umbraco does not process such files for remote code execution or XSS vulnerabilities. Elkin proposes implementing an IFileStreamSecurityAnalyzer to enhance file safety checks, mitigating potential risks effectively.

📰 Handling editor-injected JavaScript in Umbraco v17 with Umbraco Community CSPManager

Debasish Gracias discusses implementing a Content Security Policy (CSP) for Umbraco v17, focusing on allowing editors to embed JavaScript securely. He outlines a method to automatically inject CSP nonces into editor-supplied script tags, ensuring compliance with strict CSP settings while maintaining flexibility for content creators.

UMB.FYI
2026-01-28

📰 Package.json as Single Source of Truth: How Umbraco Auto-Generates TypeScript Paths and Browser Import Maps

Jacob Overgaard discusses how Umbraco CMS addresses the dual-resolution problem in web applications with over 120 shared packages. By treating package.json exports as a single source of truth, Umbraco employs code generation to automate the creation of TypeScript paths, browser import maps, and test runner configurations, eliminating configuration drift and ensuring consistency across development, build, and runtime environments.

UMB.FYI is built with ❤ by the Umbraco community and is not affiliated with Umbraco HQ