How to disable opening HTML pages without downloading the entire file

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This article covers steps to configure Bamboo to open an HTML page without downloading the entire file.

Solution

This option can be enabled in Bamboo under Bamboo Administration>>Security Settings>>Allow artifacts to be embedded in Bamboo pages > "This is helpful but creates an XSS vulnerability that could be exploited by malicious users".

Be aware of the Cross-Site-Scripting vulnerabilities if enabled:

"Bamboo will serve HTML artifacts as HTML pages, which will allow users to render them in their browsers. This is helpful but creates an XSS vulnerability that could be exploited by malicious users."

Updated on March 13, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community