<!DOCTYPE html> <html lang="en"> <head><meta name="csrf" content="uvn0LJJS-pQ165exD14zcYRi_LivwhQMuI14"> <link rel="preconnect" href="https://dac-static.atlassian.com" crossorigin /> <link rel="dns-prefetch" href="https://dac-static.atlassian.com" /> <script defer type="text/javascript" src="https://dac-static.atlassian.com/_static/polyfills.2fbfe3cfc70c64f23379.bundle.js"></script> <script defer type="text/javascript" src="https://dac-static.atlassian.com/_static/documentation-changelogs-docs-index-rest-api-docs-rest-docs-search-graphql-docs-graphql-sandbox-jsapi-connect-module-pages-analytics-and-cookie-preferences-homepage-errors-supportdesk.37387166404821985a5b.bundle.js"></script><script defer type="text/javascript" src="https://dac-static.atlassian.com/_static/documentation-changelogs-docs-index-rest-api-docs-rest-docs-search-graphql-docs-graphql-sandbox-jsapi-connect-module-pages-homepage-errors-supportdesk.3cdb946b9cf346a1c81f.bundle.js"></script><script defer type="text/javascript" src="https://dac-static.atlassian.com/_static/documentation.3cb109c065b5662b0593.bundle.js"></script> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta data-react-helmet="true" name="description" content="Learn how to prevent cross site scripting (XSS) attacks in Atlassian Cloud apps."/> <meta name="dac:version" content="1.498.31"> <link rel="shortcut icon" href="https://dac-static.atlassian.com/favicon.ico" type="image/x-icon"> <link rel="icon" href="https://dac-static.atlassian.com/favicon.ico" type="image/x-icon"> <link rel="search" href="https://dac-static.atlassian.com/opensearch.xml" type="application/opensearchdescription+xml"> <script nonce="5BHBW9r9DicVrF7kk1LLhBJmyHzyNCJGw/hfG7wL8q0=" type="text/javascript">window.__DATA__ = {"jiraIssueCollectorId":"ee87e716","page":{"document":[{"type":"markdown","content":"# Preventing XSS attacks\n\n"},{"type":"shortcode","name":"note","arguments":[{"name":"title","value":"Did you know"}],"content":"\n\nThe most common type of marketplace app vulnerability reported through the Atlassian bug bounty program are Cross-Site Scripting (XSS) attacks.\n"},{"type":"markdown","content":"\n\nCross-site scripting (XSS) is a web security vulnerability that allows an attacker to compromise interactions that users have with a vulnerable web application by injecting malicious code.\n\nThis page provides a basic introduction to the different types of XSS attacks with reference to Atlassian Cloud apps, outlines the built-in security our cloud platforms provide, and provides information on preventing XSS attacks in Atlassian cloud apps.\n\n## What is cross site scripting (XSS)?\n\nXSS attacks happen when malicious scripts are injected into what would usually be considered a safe or trustworthy site. Attackers use a web application to send malicious code (generally in the form of a browser side script) to another end user.\n\nThese kinds of attacks are quite widespread, with the potential to occur anywhere a web application uses input from a user within the output it generates (without validating or encoding it).\n\nThese attacks can expose the end users session tokens or any other sensitive information retained by the browser and used within the affected site. They could also result in redirecting the victim to web content controlled by the attacker, or having the user unintentionally make a malicious call to an API, allowing the attacker to obtain sensitive information.\n\nXSS attacks often take the form of Javascript, but may also include HTML - or any other code the browser could execute.\n\n## Types of XSS attacks\n\n### Stored / persistent XSS attacks\n\nStored attacks are those where the injected script is permanently stored on the target servers, this could be data entered into a field and then stored by an app - either through storage provided by Atlassian, such as Entity Properties and Forge Storage API, or data collected by your app and stored elsewhere.\n\nWhen the stored data is then retrieved and displayed for a user, if precautions are not taken to properly escape or encode those scripts, they may be executed as though they were run by the trusted user.\n\n### Reflected / non-persistent XSS attacks\n\nReflected or non-persistent attacks occur when a page renders a value taken from a request URL, header, or body without properly encoding the content first.\n\nThe attack typically starts with the attacker finding a vulnerable input field, typically a URL or a form input field that accepts a payload of JavaScript, HTML, or other client-side scripting languages. The attacker then attempts to trick a victim into clicking the link - allowing the malicious script to run on the victim's browser as if it is a legitimate input from the trusted user.\n\nOne classic example of this is a search tool - an attacker might enter a search query that contains malicious code, such as JavaScript, into the search input field. The search tool might then echo back the query in the search results page without properly sanitizing or encoding it, allowing the malicious code to be executed in the user's browser.\n\nA reflected attack is typically delivered via email or a neutral website. The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector.\n\n### DOM-based XSS attacks\n\nDOM based XSS attacks are similar to reflected attacks, but occur when a web application uses JavaScript to dynamically modify the [Document Object Model (DOM)](https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model/Introduction) of a web page without properly validating or sanitizing user input.\n\nIn a DOM-based XSS attack, the malicious data does not touch the web server. Rather, it is being reflected by the JavaScript code, fully on the client side\n\nAtlassian Connect and Forge apps loaded in an iframe do not have direct access to modify the DOM of the host application, since JavaScript code running inside an iframe is subject to the same-origin policy, restricting access to the host products DOM. They can however, modify the host application's DOM through the use of the Atlassian Connect JavaScript API.\n\n## How do you know if you’re vulnerable?\n\nOne of the best ways to prevent XSS attacks is to perform an audit of all user inputs in your app to determine what makes its way to HTML output without being validated or encoded (there are a number of available free and paid tools to help with this including OWASP Zap and Burp Suite, to name just a couple) - see [Free for Open Source Application Security Tools](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools) and [Vulnerability Scanning Tools](https://owasp.org/www-community/Vulnerability_Scanning_Tools) for information about available tools.\n\nIt’s also helpful to know that while modern web frameworks (React, Vue and Angular for example) often have good security practises built in - there may be times when you need to do something outside the protection offered within your framework. In these situations it’s important to use output encoding and HTML sanitization.\n\n## Atlassian cloud platform security\n\n### Forge UI kit apps\n\nApps built with Forge UI kit use a declarative UI to build the user interface. Apps implement functions to compose UI kit components. The functions run on the server-side. Sandboxing UI functions in the UI kit makes the rendered UI secure, as no app code executes in the browser. This sandboxing also makes use of the security and isolation mechanisms that are used by the Forge back-end infrastructure.\n\n### Forge Custom UI apps\n\nApps built with Forge Custom UI allow users to build their own user interface using static resources, such as HTML, CSS, JavaScript, and images. The Forge platform hosts those static resources, enabling Custom UI apps to display on Atlassian products. \n\nBecause custom UI apps are hosted by Atlassian, these apps can enforce sandboxing of the static resources that are run in the user's browser. This is done by using [content security policy (CSP)](/developer-guide/building-secure-preventing-xss/#create-a-content-security-policy--csp-) headers that provide protection against common security vulnerabilities, such as cross-site scripting (XSS) and data injection.\n\n### Connect apps\n\nThe **Connect app model** places app content inside an iframe which provides some protection for XSS vulnerability, however connect iFrames are pre-configured to have access to functions, actions and requests within the Atlassian cloud application - which is more than what a standard iframe would normally be able to access.\n\nThis means that the XSS vulnerabilities could result in a third party gaining access to any / all data a user has access to, as you will see in the glitch example below.\n\nIf you’re offering your Connect App on the Atlassian Marketplace, you are required to set a [Content Security Policy (CSP)](/developer-guide/building-secure-preventing-xss/#create-a-content-security-policy--csp-) Header as outlined in the [cloud app security requirements](https://developer.atlassian.com/platform/marketplace/security-requirements/#connect-apps) policy.\n\n## How to protect your app against XSS attacks\n\nA successful XSS attack occurs when an attacker is able to insert and execute malicious content into a webpage, so to provide the best protection against XSS vulnerabilities in your app every input must be validated, and escaped or sanitised.\n\n### Validation\n\nWhenever your app receives user input, you should validate it at the point when it is received.\n\nFor example: If a user supplies a value that is expected to be an email address, validate that the only contains the expected characters\n\nIdeally, if an input fails validation it should be blocked. An alternative approach could be to attempt to ‘clean’ input to make it valid - however, this approach is more prone to errors and should be avoided if possible (see [Sanitization](/developer-guide/building-secure-preventing-xss/#sanitisation) below for more information on this).\n\n### Escaping user inputs\n\nWhenever user input data is displayed, it must be encoded/escaped to ensure characters are treated as plain text rather than executable code.\n\n"},{"type":"shortcode","name":"tip","arguments":[{"name":"title","value":"What's the difference between escaping, encoding and sanitising?"}],"content":"\n\nIn the security field, the term escaping is often used as a synonym for encoding, however there are some distinctions between the two.\n\nInput encoding is the process of replacing parts of the input that could be dangerous with a different representation, to ensure that it can be safely used by an application.\n\nInput escaping is a subset of encoding, the process of transforming parts of the input that could be dangerous using special characters called escape characters, so that it can be safely used by an application without it being interpreted as code.\n\nInput escaping and encoding are completely reversible - an encoded string can be decoded back into its original value.\n\nSanitization on the other hand involves removing the parts of the input that could be dangerous entirely in order to make it safe. This process is not reversible.\n"},{"type":"markdown","content":"\n\nModern frameworks will mostly encode input by default, however there are ways to work around their in-built security which it’s useful to be aware of. Older frameworks tended to take the opposite approach - the built in security needed to be turned on explicitly.\n\nThe table below gives some examples of safe and unsafe ways of outputting user controlled data:\n\n\u003ctable>\n \u003cthead>\n \u003cth>Framework\u003c/th>\n \u003cth>Dangerous\u003c/th>\n \u003cth>Safe\u003c/th>\n \u003c/thead>\n \u003ctbody>\n \u003ctr>\n \u003ctd>Angular\u003c/td>\n \u003ctd>\u003ccode>bypassSecurityTrustHtml()\u003c/code> or \u003ccode>trustAsHtml()\u003c/code> or \u003ccode>ElementRef\u003c/code>\u003c/td>\n \u003ctd>otherwise secure by default (including \u003ccode>innerHTML\u003c/code>)\u003c/td>\n \u003c/tr>\n \u003ctr>\n \u003ctd>Javascript\u003c/td>\n \u003ctd>\u003ccode>innerHTML\u003c/code>\u003c/td>\n \u003ctd>\u003ccode>innerText\u003c/code>\u003c/td>\n \u003c/tr>\n \u003ctr>\n \u003ctd>jQuery\u003c/td>\n \u003ctd>\u003ccode>html()\u003c/code>\u003c/td>\n \u003ctd>\u003ccode>text()\u003c/code>\u003c/td>\n \u003c/tr>\n \u003ctr>\n \u003ctd>JSP\u003c/td>\n \u003ctd>\u003ccode>${variable}\u003c/code>\u003c/td>\n \u003ctd>\u003ccode>&ltc:out value=\"${variable}\"&gt\u003c/code> or \u003ccode>${fn:escapeXml(variable)}\u003c/code>\u003c/td>\n \u003c/tr>\n \u003ctr>\n \u003ctd>React\u003c/td>\n \u003ctd>\u003ccode>dangerouslySetInnerHTML\u003c/code>, \u003ccode>findDOMNode\u003c/code>, \u003ccode>createRef\u003c/code>\u003c/td>\n \u003ctd>otherwise secure by default\u003c/td>\n \u003c/tr>\n \u003c/tbody>\n\u003c/table>\n\n### Sanitization\n\nSanitization is the process of making user input safe by entirely removing potentially malicious characters. It differs to Encoding because it involves removing parts of the data.\n\nSanitization can be difficult to implement well - the process is considered to be complex, and prone to errors.\n\nSo, when would you want to use Sanitization over Encoding / Escaping?\n\nThere are sometimes cases where you might want to work with un-escaped HTML. While the recommendation is to avoid it wherever possible, or considering an alternative approach such as Transpiling HTML from another markup language, I have provided some guidance\n\n#### HTML sanitization\n\nSanitization of HTML involves removing potentially malicious content, typically based on an **allow list** of elements and attributes, and a **deny list** of attribute values. This is very hard to get right, browsers are constantly evolving and so does their functionality, and with those changes possible vectors for malicious code are discovered.\n\nFor that reason, if working with user-defined HTML we suggest you consider:\n\n* Using a framework that handles output encoding for you, or\n* Using a tool such as [DOMPurify](https://github.com/cure53/DOMPurify) to sanitise your content\n\n"},{"type":"shortcode","name":"warning","arguments":[{"name":"title","value":"Important"}],"content":"You must regularly patch DOMPurify or other HTML Sanitization libraries that you use. Browsers change functionality and bypasses are being discovered regularly."},{"type":"markdown","content":"\n\n### Create a Content Security Policy (CSP)\n\nA Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks including Cross-Site scripting attacks.\n\n* [Learn more about implementing a Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n* [Using Content Security Policies in Forge](https://developer.atlassian.com/platform/forge/add-content-security-and-egress-controls/)\n\n## Example app with XSS vulnerabilities\n\nWe’ve built a very simple connect app in Glitch to show how an XSS vulnerability might occur, and provided examples of steps taken to validate, sanitise and escape the input to prevent the vulnerability.\n\nWarning: Do not install this app on any site that contains sensitive data. We strongly encourage you to either use an existing development / testing cloud instance or to create a new temporary cloud instance on which to experiment with this app.\n\nGo to https://glitch.com/edit/#!/atlassian-connect-xss-demo to try it out.\n\n## Further reading\nIf you'd like to learn more about the topics on this page, the following pages are a great place to start. \n\n[OWASP Cheat Sheet Series: Cross Site Scripting Prevention](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)\n\n[Portswigger: How to prevent XSS](https://portswigger.net/web-security/cross-site-scripting/preventing)\n\n[web.dev: Content security policy](https://web.dev/csp/)"}],"metadata":{"source":"https://bitbucket.org/atlassian-developers/global-developer-guide/src/master/content/developer-guide/building-secure-preventing-xss.md?at=master&mode=edit&fileviewer=file-view-default&spa=0","title":"Preventing XSS attacks","description":"Learn how to prevent cross site scripting (XSS) attacks in Atlassian Cloud apps.","platform":"platform","category":"devguide","product":"developer-guide","subcategory":"intro","date":"2023-05-30","enabledVersion":"1.498.31"},"configuration":{"headerType":"global"},"deprecatedNavigation":{"title":"Atlassian developer guide","name":"developer-guide","url":"/developer-guide/","categories":[{"title":"Guides","name":"devguide","url":"/developer-guide/","subcategories":[{"title":"Getting started","name":"developer-guide","expandAlways":true,"items":[{"title":"Start building with Atlassian","url":"/developer-guide/start-building-with-atlassian/"},{"title":"Cloud and Data Center development","url":"/developer-guide/cloud-and-data-center-for-developers/"},{"title":"Authentication and authorization","url":"/developer-guide/auth/","isGroup":true,"groupItems":[{"title":"Connect app authorization","url":"/developer-guide/connect-app-authorization/"}]}]},{"title":"Developing on cloud","name":"cloud","expandAlways":true,"items":[{"title":"Evaluate cloud","url":"/developer-guide/evaluate-cloud/","isGroup":true,"groupItems":[{"title":"Cloud development options","url":"/developer-guide/cloud-development-options/"},{"title":"Forge adoption for server apps","url":"/developer-guide/forge-adoption-for-server-apps/"}]},{"title":"Cloud app hosting","url":"/developer-guide/cloud-app-hosting/"},{"title":"Cloud shared responsibility model (SRM)","url":"/developer-guide/cloud-shared-responsibility-model/"},{"title":"Multitenancy","url":"/developer-guide/multitenancy/"},{"title":"Preventing XSS attacks","url":"/developer-guide/building-secure-preventing-xss/"}]},{"title":"Sharing your apps","name":"migration-guide","expandAlways":true,"items":[{"title":"Distribute and list apps","url":"/developer-guide/distribute-and-list-apps/"}]},{"title":"Getting help","name":"get-help","expandAlways":true,"items":[{"title":"Explore the documentation","url":"/developer-guide/using-the-documentation/"},{"title":"Get help and give feedback","url":"/developer-guide/help-and-feedback/"},{"title":"Submit a critical incident ticket","url":"/developer-guide/how-to-report-an-incident/"},{"title":"Check incident updates","url":"/developer-guide/check-incident-updates/"},{"title":"App incident severity levels","url":"/developer-guide/app-incident-severity-levels/"},{"title":"Atlassian communication channels","url":"/developer-guide/communication-channels/"},{"title":"Glossary","url":"/developer-guide/glossary/"}]},{"title":"Integrating with our products","name":"building-Atlassian-into-products","expandAlways":true,"items":[{"title":"Jira integration guidelines","url":"/developer-guide/jira-integration-guidelines/"}]}]}],"enabledVersion":"1.498.31"},"navigation":[{"label":"Getting started","href":"/developer-guide/start-building-with-atlassian/","expandState":"always-expanded","childNavigationNodes":[{"label":"Start building with Atlassian","href":"/developer-guide/start-building-with-atlassian/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Cloud and Data Center development","href":"/developer-guide/cloud-and-data-center-for-developers/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Authentication and authorization","href":"/developer-guide/auth/","expandState":"collapsed","childNavigationNodes":[{"label":"Connect app authorization","href":"/developer-guide/connect-app-authorization/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]},{"label":"Developing on cloud","href":"/developer-guide/evaluate-cloud/","expandState":"always-expanded","childNavigationNodes":[{"label":"Evaluate cloud","href":"/developer-guide/evaluate-cloud/","expandState":"collapsed","childNavigationNodes":[{"label":"Cloud development options","href":"/developer-guide/cloud-development-options/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Forge adoption for server apps","href":"/developer-guide/forge-adoption-for-server-apps/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]},{"label":"Cloud app hosting","href":"/developer-guide/cloud-app-hosting/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Cloud shared responsibility model (SRM)","href":"/developer-guide/cloud-shared-responsibility-model/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Multitenancy","href":"/developer-guide/multitenancy/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Preventing XSS attacks","href":"/developer-guide/building-secure-preventing-xss/","expandState":"expanded","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]},{"label":"Sharing your apps","href":"/developer-guide/distribute-and-list-apps/","expandState":"always-expanded","childNavigationNodes":[{"label":"Distribute and list apps","href":"/developer-guide/distribute-and-list-apps/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]},{"label":"Getting help","href":"/developer-guide/using-the-documentation/","expandState":"always-expanded","childNavigationNodes":[{"label":"Explore the documentation","href":"/developer-guide/using-the-documentation/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Get help and give feedback","href":"/developer-guide/help-and-feedback/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Submit a critical incident ticket","href":"/developer-guide/how-to-report-an-incident/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Check incident updates","href":"/developer-guide/check-incident-updates/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"App incident severity levels","href":"/developer-guide/app-incident-severity-levels/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Atlassian communication channels","href":"/developer-guide/communication-channels/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]},{"label":"Glossary","href":"/developer-guide/glossary/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]},{"label":"Integrating with our products","href":"/developer-guide/jira-integration-guidelines/","expandState":"always-expanded","childNavigationNodes":[{"label":"Jira integration guidelines","href":"/developer-guide/jira-integration-guidelines/","expandState":"collapsed","childNavigationNodes":[],"nestedNavigationNodes":[]}],"nestedNavigationNodes":[]}],"navigationLocation":{"pathname":"/developer-guide/building-secure-preventing-xss/"},"theme":"grouped-sidebar","newRestApiExperience":true},"frontEndFeatures":{"shouldShowDacIntercept":true,"shouldShowGetHelpWidget":true,"renderRestRedesignedDocs":{"contentSets":[],"enableAllInternal":true,"enableAllExternal":true},"targetExternalBuilders":{"contentSets":[],"userEmails":[]},"shouldEnableAIfeatures":false},"getHelpBaseUrl":"https://dac-get-help.services.atlassian.com","changelogStargateBaseUrl":"/gateway/api/dac-changelogs","bitbucketClientId":"wuJ9hf4zyXjYJVxWFf","isContentSetInternal":false};</script> <title>Preventing XSS attacks</title> <style data-styled-components="bcCCNc jqBRrP ibwhYF eZnlXi bsbZCT cEicjz cWyolX hEREHr ccUuQb KLVHW RfwMt ebpAmp dEUQgS jgvUXc cEunxv jGeTgW hSXbpc fFirge hKiNSh iuGVGX bCtJbM hwrSXl iARtDw BlNLE iLnIWi eGFUop bNgsgj ixXsyz hMVyQH cTROs kiTwuh bCnCXc fdgUza bHbcZi ebjqXf jOJzhX launBt gupbxx XLvQi cRavQB gWIkLp jGqvBW hsaQyA bWkibq huMuzN hYifdp crKIBs bIjwqY iLIKSx eysgIS cLWHVF jMPRQO igxxMf jPqTBr lhcjXP gzVyrk cQNBrn rJVhP hrxrbx gfLKuW kmRqgF APFeF hbQcmX dUcFyG RSHIw insOyI fDSCxc"> /* sc-component-id: sc-keyframes-bcCCNc */ @-webkit-keyframes bcCCNc{0%{opacity:0;}100%{opacity:1;}} @keyframes bcCCNc{0%{opacity:0;}100%{opacity:1;}} /* sc-component-id: sc-keyframes-jqBRrP */ @-webkit-keyframes jqBRrP{0%{opacity:1;}50%{opacity:0.6;}100%{opacity:1;}} @keyframes jqBRrP{0%{opacity:1;}50%{opacity:0.6;}100%{opacity:1;}} /* sc-component-id: sc-keyframes-ibwhYF */ @-webkit-keyframes ibwhYF{to{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg);}} @keyframes ibwhYF{to{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);transform:rotate(360deg);}} /* sc-component-id: sc-jdeSqf */ .cQNBrn{overflow-wrap:break-word;word-wrap:break-word;} /* sc-component-id: sc-cBrjTV */ .crKIBs{padding-top:var(--ds-space-300,24px);} .crKIBs:first-child{padding-top:var(--ds-space-0,0px);} .crKIBs h1 .heading-anchor-wrapper{position:absolute;height:1.1666666666666667em;margin-left:var(--ds-space-075,6px);} .crKIBs h1 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h1 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h1:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} .crKIBs h2 .heading-anchor-wrapper{position:absolute;height:1.2em;margin-left:var(--ds-space-075,6px);} .crKIBs h2 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h2 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h2:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} .crKIBs h3 .heading-anchor-wrapper{position:absolute;height:1.25em;margin-left:var(--ds-space-075,6px);} .crKIBs h3 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h3 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h3:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} .crKIBs h4 .heading-anchor-wrapper{position:absolute;height:1.1428571428571428em;margin-left:var(--ds-space-075,6px);} .crKIBs h4 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h4 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h4:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} .crKIBs h5 .heading-anchor-wrapper{position:absolute;height:1.3333333333333333em;margin-left:var(--ds-space-075,6px);} .crKIBs h5 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h5 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h5:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} .crKIBs h6 .heading-anchor-wrapper{position:absolute;height:1.4545454545454546em;margin-left:var(--ds-space-075,6px);} .crKIBs h6 .heading-anchor-wrapper button{padding-left:var(--ds-space-0,0px);padding-right:var(--ds-space-0,0px);} @media (hover:hover) and (pointer:fine){.crKIBs h6 .heading-anchor-wrapper > button{opacity:0;-webkit-transform:translate(-8px,0px);-ms-transform:translate(-8px,0px);transform:translate(-8px,0px);-webkit-transition:opacity 0.2s ease 0s,-webkit-transform 0.2s ease 0s;-webkit-transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;transition:opacity 0.2s ease 0s,transform 0.2s ease 0s;}.crKIBs h6:hover .heading-anchor-wrapper > button{opacity:1;-webkit-transform:none !important;-ms-transform:none !important;transform:none !important;}} /* sc-component-id: sc-iCwjlJ */ .bIjwqY{display:inline;outline:none;background-color:transparent;border:none;color:#42526E;cursor:pointer;right:var(--ds-space-0,0px);} /* sc-component-id: sc-fkyLDJ */ .jGeTgW{min-height:100vh;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;} /* sc-component-id: sc-jUpvKA */ .kmRqgF{-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;} /* sc-component-id: sc-jdfcpN */ .jMPRQO{width:100%;overflow-y:auto;margin:12px var(--ds-space-0,0px) 16px var(--ds-space-0,0px);} /* sc-component-id: sc-kNBZmU */ .lhcjXP{background-color:#F4F5F7;} .lhcjXP.lhcjXP{padding:8px;} /* sc-component-id: sc-eopZyb */ .gzVyrk.gzVyrk{padding:8px;} /* sc-component-id: sc-eNNmBn */ .igxxMf{border-bottom:none;} /* sc-component-id: sc-eEieub */ .jPqTBr{border-bottom:1px solid #C1C7D0;} /* sc-component-id: sc-eNPDpu */ .iARtDw{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;position:fixed;bottom:var(--ds-space-400,32px);left:var(--ds-space-400,32px);z-index:1;} /* sc-component-id: sc-hARARD */ .hrxrbx{text-align:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;margin-left:16px;margin-top:var(--ds-space-500,40px);margin-bottom:var(--ds-space-500,40px);} /* sc-component-id: sc-ccLTTT */ .gfLKuW{font-size:14px;color:#6B778C;margin:var(--ds-space-0,0px) var(--ds-space-050,4px) var(--ds-space-0,0px) var(--ds-space-0,0px);} /* sc-component-id: sc-TuwoP */ .hKiNSh{max-height:100px;background-color:#DEEBFF;} /* sc-component-id: sc-fQkuQJ */ .iuGVGX{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background-color:#DEEBFF;color:#172B4D;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;fill:#DEEBFF;font-weight:600;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;padding:12px;text-align:center;margin:auto;max-width:876px;} /* sc-component-id: sc-epGmkI */ .bCtJbM{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;} /* sc-component-id: sc-dphlzf */ .fFirge{max-height:0px;overflow:hidden;-webkit-transition:max-height 0.25s ease-in-out;transition:max-height 0.25s ease-in-out;} /* sc-component-id: sc-fCPvlr */ .hwrSXl{-webkit-flex:0 1 auto;-ms-flex:0 1 auto;flex:0 1 auto;padding:4px;overflow:hidden;} /* sc-component-id: sc-gAmQfK */ .hSXbpc{color:black;position:relative;z-index:100;} .hSXbpc div[data-testid='navigation-site-title']{color:#172B4D;font-size:16px;} /* sc-component-id: sc-hvvHee */ .APFeF{margin-top:var(--ds-space-400,32px) padding:var(--ds-space-200,16px) var(--ds-space-100,8px);background:#F4F5F7;color:white;min-height:100px;} .APFeF,.APFeF *{box-sizing:border-box;} @media (min-width:768px){.APFeF{padding:var(--ds-space-400,32px) var(--ds-space-100,8px);}} /* sc-component-id: sc-eSePXt */ .hbQcmX{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;max-width:80rem;margin-left:auto;margin-right:auto;padding-left:0.9375rem;padding-right:0.9375rem;} @media (min-width:860px){.hbQcmX{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}} /* sc-component-id: sc-dXfzlN */ .insOyI{-webkit-flex:1;-ms-flex:1;flex:1;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;} @media (min-width:860px){.insOyI{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}} @media (max-width:1024px){.insOyI{font-size:14px;}} /* sc-component-id: sc-aewfc */ .fDSCxc{color:#0a0a0a;display:inline-block;line-height:1;padding:var(--ds-space-150,12px) var(--ds-space-400,32px) var(--ds-space-150,12px) var(--ds-space-0,0px);} @media (min-width:768px){.fDSCxc{padding:var(--ds-space-150,12px) var(--ds-space-200,16px);}} @media (max-width:1024px){.fDSCxc{font-size:14px;}} /* sc-component-id: sc-iIHjhz */ .RSHIw{color:#0057d8;display:inline-block;line-height:1;padding:var(--ds-space-150,12px) var(--ds-space-400,32px) var(--ds-space-150,12px) var(--ds-space-0,0px);} @media (min-width:768px){.RSHIw{padding:var(--ds-space-150,12px) var(--ds-space-200,16px);}} .RSHIw.hide-optanon-link{display:none;} /* sc-component-id: sc-eQGPmX */ .ebjqXf a[type='button']{line-height:18px;height:auto;padding:var(--ds-space-0,0px);text-align:left;} /* sc-component-id: sc-dAOnuy */ .gupbxx{white-space:normal;} /* sc-component-id: sc-hMjcWo */ .jOJzhX{padding:4px var(--ds-space-0,0px) 2px;} .jOJzhX > a[type='button']{font-weight:inherit;color:inherit;} .jOJzhX > a[type='button']:before{content:" ";display:inline-block;line-height:18px;min-width:0.5rem;} .jOJzhX > a[type='button']:hover{background-color:inherit;color:rgb(0,82,204) !important;}.launBt{padding:4px var(--ds-space-0,0px) 2px;} .launBt > a[type='button']{font-weight:700;color:rgb(0,82,204) !important;} .launBt > a[type='button']:before{content:"•";display:inline-block;line-height:18px;min-width:0.5rem;} .launBt > a[type='button']:hover{background-color:inherit;color:rgb(0,82,204) !important;} /* sc-component-id: sc-bLJvFH */ .XLvQi{list-style:none;margin-left:32px;margin-top:8px;padding:var(--ds-space-0,0px);} /* sc-component-id: sc-eAudoH */ .kiTwuh{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;cursor:inherit;} /* sc-component-id: sc-hgzKov */ .cTROs{border-top:1px solid #EBECF0;margin:var(--ds-space-0,0px);padding:12px var(--ds-space-0,0px);position:relative;} .cTROs:last-child{border-bottom:1px solid #EBECF0;} /* sc-component-id: sc-hCbubC */ .bCnCXc{color:#253858;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;font-weight:700;line-height:22px;text-transform:uppercase;} /* sc-component-id: sc-kMBllD */ .fdgUza{-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;height:24px;text-align:center;-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg);visibility:hidden;width:24px;} /* sc-component-id: sc-enfXDO */ .bHbcZi{height:auto;list-style:none;margin:var(--ds-space-0,0px);overflow:hidden;padding:var(--ds-space-0,0px);} .bHbcZi.bHbcZi{margin-top:var(--ds-space-0,0px);} /* sc-component-id: sc-dBfaGr */ .hMVyQH{list-style:none;margin:var(--ds-space-0,0px);padding:var(--ds-space-0,0px);} /* sc-component-id: sc-jgVwMx */ .ixXsyz{padding:16px 0;} /* sc-component-id: sc-giOsra */ .cEicjz{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;border-radius:3px;background-color:#DEEBFF;padding:16px;}.cWyolX{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;border-radius:3px;background-color:#E3FCEF;padding:16px;}.hEREHr{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;border-radius:3px;background-color:#FFFAE6;padding:16px;} /* sc-component-id: sc-SFOxd */ .KLVHW{-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;} /* sc-component-id: sc-jOBXIr */ .ebpAmp{margin:0;font-size:1.1428571428571428em;font-style:inherit;line-height:1.25;color:#172B4D;font-weight:600;-webkit-letter-spacing:-0.006em;-moz-letter-spacing:-0.006em;-ms-letter-spacing:-0.006em;letter-spacing:-0.006em;margin-top:24px;} /* sc-component-id: sc-dzOgQY */ * + .RfwMt{margin-top:8px;} /* sc-component-id: sc-jOVcOr */ .ccUuQb{-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;width:40px;} .ccUuQb > span{margin:-2px 0;vertical-align:top;} /* sc-component-id: sc-hkaZBZ */ .bsbZCT{margin:16px var(--ds-space-0,0px);} .bsbZCT > section > div:last-child{-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;overflow-x:auto;} /* sc-component-id: sc-gLdKKF */ .dEUQgS{position:relative;padding-top:56.25%;margin:16px var(--ds-space-0,0px);height:0;overflow:hidden;max-width:100%;} /* sc-component-id: sc-gCUMDz */ .jgvUXc{position:absolute;top:var(--ds-space-0,0px);left:var(--ds-space-0,0px);width:100%;height:100%;} /* sc-component-id: sc-grYksN */ .jGqvBW{display:none;-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;margin:var(--ds-space-0,0px) 15px;} @media (min-width:600px){.jGqvBW{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;margin-top:20px;}} /* sc-component-id: sc-frudsx */ .hsaQyA{display:none;} @media (min-width:900px){.hsaQyA{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;color:#6B778C;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}} /* sc-component-id: sc-cBXKeB */ .bWkibq{display:none;padding-right:4px;} @media (min-width:1200px){.bWkibq{display:initial;}} /* sc-component-id: sc-fjNYmT */ .cRavQB{-webkit-flex-basis:0;-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:3;-webkit-flex-grow:3;-ms-flex-positive:3;flex-grow:3;margin:var(--ds-space-0,0px) auto;max-width:1200px;padding:var(--ds-space-0,0px) var(--ds-space-400,32px);} @media (min-width:900px){.cRavQB{overflow:visible;}} /* sc-component-id: sc-hzOKmB */ .gWIkLp{display:block;-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;margin-top:var(--ds-space-0,0px)px;} @media (min-width:900px){.gWIkLp{margin-right:192px;}} /* sc-component-id: sc-jBoNkH */ .eGFUop{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column-reverse;-ms-flex-direction:column-reverse;flex-direction:column-reverse;width:100%;} @media (min-width:900px){.eGFUop{-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}} /* sc-component-id: sc-fPbjcq */ .bNgsgj{box-sizing:border-box;-webkit-flex-basis:0;-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;max-width:350px;width:20%;border-right:1px solid rgba(9,30,66,0.08);display:none;padding:32px;padding-top:8px;padding-right:16px;} @media (min-width:900px){.bNgsgj{display:block;}} /* sc-component-id: sc-hdNmWC */ .huMuzN{-webkit-flex-basis:0;-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:3;-webkit-flex-grow:3;-ms-flex-positive:3;flex-grow:3;margin:15px;margin-top:8px;width:80%;} /* sc-component-id: sc-hBcjXN */ .iLnIWi{-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;} .iLnIWi h1 + h2{margin-top:12px;} .iLnIWi h1 + h3{margin-top:16px;} /* sc-component-id: sc-gVZiCL */ .BlNLE img{max-width:100%;} .BlNLE tr{border-bottom:1px solid #C1C7D0;} .BlNLE thead{border-bottom:none;} .BlNLE th{background-color:#F4F5F7;padding:8px;} .BlNLE td{padding:8px;} .BlNLE .aui-lozenge{background:#42526E;border:0;border-radius:3px;color:#FFFFFF;box-sizing:border-box;display:inline-block;font-size:11px;font-weight:700;line-height:1;max-width:200px;padding:var(--ds-space-025,2px) var(--ds-space-050,4px) var(--ds-space-025,2px);text-transform:uppercase;vertical-align:baseline;} .BlNLE .aui-lozenge-subtle{background-color:#DFE1E6;color:#42526E;} .BlNLE .aui-lozenge-success{background-color:#00875A;color:#FFFFFF;} .BlNLE .aui-lozenge-error,.BlNLE .aui-lozenge-removed{background-color:#BF2600;color:#FFFFFF;} .BlNLE .aui-lozenge-inprogress{background-color:#0052CC;color:#FFFFFF;} .BlNLE .aui-lozenge-new{background-color:#5243AA;color:#FFFFFF;} .BlNLE .aui-lozenge-moved{background-color:#FF991F;color:#172B4D;} .BlNLE .aui-lozenge-current{background-color:#FFC400;color:#42526E;} .BlNLE .aui-lozenge-complete{background-color:#5E6C84;color:#FFFFFF;} .BlNLE .aui-lozenge-success.aui-lozenge-subtle{background-color:#E3FCEF;color:#006644;} .BlNLE .aui-lozenge-error.aui-lozenge-subtle,.BlNLE .aui-lozenge-removed.aui-lozenge-subtle{background-color:#FFEBE6;color:#BF2600;} .BlNLE .aui-lozenge-current.aui-lozenge-subtle,.BlNLE .aui-lozenge-inprogress.aui-lozenge-subtle{background-color:#DEEBFF;color:#0747A6;} .BlNLE .aui-lozenge-complete.aui-lozenge-subtle,.BlNLE .aui-lozenge-new.aui-lozenge-subtle{background-color:#EAE6FF;color:#403294;} .BlNLE .aui-lozenge-moved.aui-lozenge-subtle{background-color:#FFF0B3;color:#172B4D;} .BlNLE .aui-message{position:relative;margin:16px var(--ds-space-0,0px);border-radius:3px;padding:16px;padding-left:56px;} .BlNLE .aui-message p strong,.BlNLE .aui-message p.title{font-size:1.1428571428571428em;font-style:inherit;line-height:1.25;color:#172B4D;font-weight:600;-webkit-letter-spacing:-0.006em;-moz-letter-spacing:-0.006em;-ms-letter-spacing:-0.006em;letter-spacing:-0.006em;margin-top:24px;font-size:16px;margin-top:var(--ds-space-0,0px);} .BlNLE .aui-message p.title{margin-bottom:8px;} .BlNLE .aui-message p.title + p{margin-top:var(--ds-space-0,0px);} .BlNLE .aui-message.tip{background-color:#E3FCEF;} .BlNLE .aui-message.note,.BlNLE .aui-message.info{background-color:#DEEBFF;} .BlNLE .aui-message.warning{background-color:#FFFAE6;} .BlNLE .aui-message-tip{background-color:#E3FCEF;} .BlNLE .aui-message-note,.BlNLE .aui-message-tip{background-color:#DEEBFF;} .BlNLE .aui-message-warning{background-color:#FFFAE6;} .BlNLE blockquote{padding:8px 16px var(--ds-space-0,0px) 16px;border-left:1px solid #C1C7D0;margin:var(--ds-space-0,0px) var(--ds-space-0,0px) 16px;color:#97A0AF;} .BlNLE blockquote:after,.BlNLE blockquote:before{content:'';} /* sc-component-id: sc-imDdex */ @media (min-width:900px){.hYifdp{position:relative;margin-right:192px;}} /* sc-component-id: sc-lffWgi */ @media (min-width:900px){.iLIKSx{position:absolute;left:100%;height:100%;margin-top:12px;}} /* sc-component-id: sc-fGSyRc */ .eysgIS{border-left:4px solid #0052CC;padding:8px;margin:30px var(--ds-space-0,0px);} .eysgIS:empty{display:none;} .eysgIS > :first-child{margin-bottom:32px;} @media (min-width:900px){.eysgIS{position:-webkit-sticky;position:sticky;top:82px;border-left:none;margin:var(--ds-space-0,0px);padding:var(--ds-space-0,0px);box-sizing:border-box;width:192px;}} /* sc-component-id: sc-dCVVYJ */ .rJVhP{display:'flex';-webkit-box-pack:end;-webkit-justify-content:flex-end;-ms-flex-pack:end;justify-content:flex-end;} /* sc-component-id: sc-jkPxnQ */ .cLWHVF{padding-left:28px;} /* sc-component-id: sc-cyQzhP */ .cEunxv{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;} /* sc-component-id: sc-keyframes-eZnlXi */ @-webkit-keyframes eZnlXi{from{opacity:0;-webkit-transform:translateY(-10px);-ms-transform:translateY(-10px);transform:translateY(-10px);}to{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0);}} @keyframes eZnlXi{from{opacity:0;-webkit-transform:translateY(-10px);-ms-transform:translateY(-10px);transform:translateY(-10px);}to{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0);}} /* sc-component-id: sc-global-2906074290 */ @font-face{font-family:'Charlie Display';font-weight:400;src:url('/font/charlie-display/CharlieDisplay-Regular.otf') format('opentype');} @font-face{font-family:'Charlie Display';font-weight:500;src:url('/font/charlie-display/CharlieDisplay-Semibold.otf') format('opentype');} /* sc-component-id: sc-global-4218966353 */ *{box-sizing:border-box;}</style> <link href="https://dac-static.atlassian.com/_static/documentation-changelogs-docs-index-rest-api-docs-rest-docs-search-graphql-docs-graphql-sandbox-jsapi-connect-module-pages-analytics-and-cookie-preferences-homepage-errors-supportdesk.dfe18eccc22cf5b32118.chunk.css" rel="stylesheet"><link href="https://dac-static.atlassian.com/_static/documentation-changelogs-docs-index-rest-api-docs-rest-docs-search-graphql-docs-graphql-sandbox-jsapi-connect-module-pages-homepage-errors-supportdesk.c67a7555063c3b00faae.chunk.css" rel="stylesheet"><link href="https://dac-static.atlassian.com/_static/documentation.ce5deedee0b24a12eac1.css" rel="stylesheet"> <!-- Algolia Search Insights --> <script nonce="5BHBW9r9DicVrF7kk1LLhBJmyHzyNCJGw/hfG7wL8q0="> const ALGOLIA_INSIGHTS_SRC = "https://cdn.jsdelivr.net/npm/search-insights@2.2.1"; window.ALGOLIA_DAC_INDEX_NAME = 'developer.atlassian.com-dac-prod'; window.ALGOLIA_DAC_APP_ID = '41O4X7L3MX'; !function(e,a,t,n,s,i,c){e.AlgoliaAnalyticsObject=s,e[s]=e[s]||function(){ (e[s].queue=e[s].queue||[]).push(arguments)},i=a.createElement(t),c=a.getElementsByTagName(t)[0], i.async=1,i.src=n,c.parentNode.insertBefore(i,c) }(window,document,"script",ALGOLIA_INSIGHTS_SRC,"algoliaAnalytics"); algoliaAnalytics('init', { appId: '41O4X7L3MX', apiKey: 'Y2ZkNTM4MDg5M2QyMDUzOTBlMGEwZTU5OGQ0NGQ1MTA0ZmM1MjM5NzUzODdjNDZmYTRjYzkwMGFlYmIwMDE0MnJlc3RyaWN0SW5kaWNlcz1kZXZlbG9wZXIuYXRsYXNzaWFuLmNvbS1kYWMtcHJvZCUyQ2RldmVsb3Blci5hdGxhc3NpYW4uY29tLWRhYy1zdGFnaW5nJTJDZGV2ZWxvcGVyLmF0bGFzc2lhbi5jb20tZGFjLWRldiZmaWx0ZXJzPXByaXZpbGVnZSUzQU5PTkU=', useCookie: true, }); </script> <!-- End Algolia Search Insights --> <script nonce="5BHBW9r9DicVrF7kk1LLhBJmyHzyNCJGw/hfG7wL8q0="> window.ALGOLIA_DAC_API_KEY = 'Y2ZkNTM4MDg5M2QyMDUzOTBlMGEwZTU5OGQ0NGQ1MTA0ZmM1MjM5NzUzODdjNDZmYTRjYzkwMGFlYmIwMDE0MnJlc3RyaWN0SW5kaWNlcz1kZXZlbG9wZXIuYXRsYXNzaWFuLmNvbS1kYWMtcHJvZCUyQ2RldmVsb3Blci5hdGxhc3NpYW4uY29tLWRhYy1zdGFnaW5nJTJDZGV2ZWxvcGVyLmF0bGFzc2lhbi5jb20tZGFjLWRldiZmaWx0ZXJzPXByaXZpbGVnZSUzQU5PTkU='; window.ALGOLIA_DAC_API_KEY_EXPIRY = Date.now() + 28800000; window.ENABLE_AI = false; </script><script nonce="5BHBW9r9DicVrF7kk1LLhBJmyHzyNCJGw/hfG7wL8q0="> window.DAC_CDN_HOST = 'https://dac-static.atlassian.com'; window.ENABLED_VERSION = '1.498.31'; </script></head> <body> <div id="root"><div class="sc-cyQzhP cEunxv"><div class="sc-fkyLDJ jGeTgW"><div class="sc-gAmQfK hSXbpc"><div class="sc-dphlzf fFirge"><div class="sc-TuwoP hKiNSh" aria-hidden="true" data-testid="banner-container" role="alert"><div class="sc-fQkuQJ iuGVGX"><span class="sc-epGmkI bCtJbM"><style data-emotion-css="14fi9av">.css-14fi9av{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}.css-14fi9av::-moz-focus-inner{border:0;margin:0;padding:0;}.css-14fi9av:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><button aria-label="close-icon" type="button" class="css-14fi9av"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="noix33">.css-noix33{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:0;font-size:0;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;margin:0 -2px;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-noix33"><style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="close-icon" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 10.586L6.707 5.293a1 1 0 00-1.414 1.414L10.586 12l-5.293 5.293a1 1 0 001.414 1.414L12 13.414l5.293 5.293a1 1 0 001.414-1.414L13.414 12l5.293-5.293a1 1 0 10-1.414-1.414L12 10.586z" fill="currentColor"/></svg></span></span></span></button></span><span class="sc-fCPvlr hwrSXl"><span></span></span></div></div></div><style data-emotion-css="1cychdt">.css-1cychdt{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;box-sizing:border-box;height:56px;padding-right:12px;padding-left:12px;position:relative;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}[data-theme="light"] .css-1cychdt,[data-theme="dark"] .css-1cychdt{border-bottom:1px solid var(--ds-border,#091E4224);}[data-theme="light"] .css-1cychdt::after,[data-theme="dark"] .css-1cychdt::after{content:none;}.css-1cychdt::after{height:4px;position:absolute;top:100%;right:0;left:0;background:linear-gradient(180deg,rgba(9,30,66,0.13) 0,rgba(9,30,66,0.13) 1px,rgba(9,30,66,0.08) 1px,rgba(9,30,66,0) 4px);content:"";}</style><header style="background-color:var(--ds-surface, #FFFFFF);color:var(--ds-text-subtlest, #6B778C)" role="banner" class="css-1cychdt"><style data-emotion-css="vtikxo">.css-vtikxo{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;min-width:0;height:inherit;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;}.css-vtikxo > *{-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}</style><nav aria-label="Atlassian Developer Navigation" class="css-vtikxo"><style data-emotion-css="1qtw0hy">.css-1qtw0hy{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding:4px;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;background:none;border:0;border-radius:3px;color:inherit;cursor:pointer;}.css-1qtw0hy::-moz-focus-inner{border:0;}.css-1qtw0hy:first-of-type{margin-left:0;}.css-1qtw0hy:hover{background-color:var(--product-home-bg-color-hover);box-shadow:var(--product-home-box-shadow-hover);color:var(--product-home-color-hover);}.css-1qtw0hy:active{background-color:var(--product-home-bg-color-active);box-shadow:var(--product-home-box-shadow-active);color:var(--product-home-color-active);}.css-1qtw0hy:focus{background-color:var(--product-home-bg-color-focus);box-shadow:var(--product-home-box-shadow-focus);color:var(--product-home-color-focus);outline:0;}div.css-1qtw0hy{pointer-events:none;}@media (max-width:1279.9px){.css-1qtw0hy{margin:0 8px;}}@media (min-width:1280px){.css-1qtw0hy{margin:0 16px;}}</style><a style="--product-home-color-active:var(--ds-text-subtle, #0052CC);--product-home-bg-color-active:var(--ds-background-neutral-pressed, rgba(222, 235, 255, 0.7));--product-home-box-shadow-active:;--product-home-color-focus:var(--ds-text-subtle, #344563);--product-home-bg-color-focus:;--product-home-box-shadow-focus:0 0 0 2px var(--ds-border-focused, #2684FF);--product-home-color-hover:var(--ds-text-subtle, #0052CC);--product-home-bg-color-hover:var(--ds-background-neutral-hovered, rgba(222, 235, 255, 0.9));--product-home-box-shadow-hover:;--logo-max-width:260px" href="/" data-testid="navigation-container" class="css-1qtw0hy"><style data-emotion-css="3fth2k">.css-3fth2k{max-height:28px;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;max-width:var(--logo-max-width);}.css-3fth2k > *{max-width:var(--logo-max-width);max-height:24px;}.css-3fth2k > span > svg{width:100%;}@media (max-width:1279.9px){.css-3fth2k{display:none;}}</style><div data-testid="navigation-logo" class="css-3fth2k"><svg width="261" height="25" viewBox="0 0 261 25" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="260.25" height="24" transform="translate(0 1)" fill="white" fill-opacity="0.01"></rect><path d="M5.3024 9.13208C5.03183 8.83445 4.62597 8.86149 4.43657 9.21323L0.0533155 18.0068C-0.109027 18.3586 0.134487 18.7644 0.513287 18.7644H6.6282C6.8176 18.7644 7.007 18.6562 7.08818 18.4668C8.44103 15.7611 7.62932 11.6213 5.3024 9.13208Z" fill="url(#paint0_linear)"></path><path d="M8.52267 1.15012C6.06047 5.04635 6.22281 9.34842 7.84624 12.5953C9.46967 15.8421 10.7143 18.3044 10.7955 18.4938C10.8766 18.6832 11.066 18.7914 11.2554 18.7914H17.3704C17.7492 18.7914 18.0197 18.3855 17.8303 18.0338C17.8303 18.0338 9.60495 1.58303 9.3885 1.17718C9.25321 0.771318 8.76618 0.771325 8.52267 1.15012Z" fill="#2684FF"></path><path d="M91.6158 14.4351C91.6158 11.8647 90.2359 10.6471 86.3937 9.80834C84.2562 9.34837 83.7422 8.86134 83.7422 8.18492C83.7422 7.34614 84.4998 6.96734 85.9067 6.96734C87.6113 6.96734 89.2889 7.48142 90.8852 8.21197V4.82982C89.7759 4.26162 88.0442 3.82869 86.015 3.82869C82.1999 3.82869 80.2247 5.47919 80.2247 8.21197C80.2247 10.3765 81.2258 12.1082 85.1762 12.8658C87.5301 13.3528 88.0172 13.7316 88.0172 14.5163C88.0172 15.2739 87.5301 15.7609 85.8526 15.7609C83.9315 15.7609 81.6317 15.1115 80.1436 14.2186V17.7631C81.3341 18.3584 82.9034 19.0078 85.8256 19.0078C89.9924 19.0078 91.6158 17.1679 91.6158 14.4351Z" fill="#0052CC"></path><path d="M133.256 4.04523V18.7643H136.395V7.53561L137.721 10.5119L142.158 18.7643H146.108V4.04523H142.97V13.5423L141.779 10.7825L138.208 4.04523H133.256Z" fill="#0052CC"></path><path d="M113.288 4.04523H109.851V18.7643H113.288V4.04523Z" fill="#0052CC"></path><path d="M105.901 14.4351C105.901 11.8647 104.522 10.6471 100.679 9.80834C98.5419 9.34837 98.0278 8.86134 98.0278 8.18492C98.0278 7.34614 98.7854 6.96734 100.192 6.96734C101.897 6.96734 103.575 7.48142 105.171 8.21197V4.82982C104.062 4.26162 102.33 3.82869 100.301 3.82869C96.4855 3.82869 94.5104 5.47919 94.5104 8.21197C94.5104 10.3765 95.5115 12.1082 99.4618 12.8658C101.816 13.3528 102.303 13.7316 102.303 14.5163C102.303 15.2739 101.816 15.7609 100.138 15.7609C98.2172 15.7609 95.9173 15.1115 94.4292 14.2186V17.7631C95.6197 18.3584 97.189 19.0078 100.111 19.0078C104.278 19.0078 105.901 17.1679 105.901 14.4351Z" fill="#0052CC"></path><path d="M53.5997 4.04523V18.7643H60.6616L61.771 15.5986H57.063V4.04523H53.5997Z" fill="#0052CC"></path><path d="M39.6926 4.0453V7.23806H43.5077V18.7644H46.9439V7.23806H51.0296V4.0453H39.6926Z" fill="#0052CC"></path><path d="M34.6874 4.04523H30.1688L25.028 18.7643H28.9512L29.6818 16.275C30.5476 16.5186 31.4676 16.6809 32.4416 16.6809C33.3886 16.6809 34.3086 16.5456 35.2014 16.275L35.932 18.7643H39.8553L34.6874 4.04523ZM32.4146 13.6505C31.7652 13.6505 31.1158 13.5423 30.5206 13.3799L32.4146 6.94033L34.3086 13.3799C33.7133 13.5423 33.0639 13.6505 32.4146 13.6505Z" fill="#0052CC"></path><path d="M72.8113 4.04521H68.2927L63.1519 18.7643H67.0751L67.8057 16.275C68.6715 16.5185 69.5915 16.6809 70.5655 16.6809C71.5125 16.6809 72.4325 16.5456 73.3253 16.275L74.0559 18.7643H77.9792L72.8113 4.04521ZM70.5655 13.6505C69.9161 13.6505 69.2668 13.5423 68.6715 13.3799L70.5655 6.94031L72.4595 13.3799C71.8372 13.5423 71.2149 13.6505 70.5655 13.6505Z" fill="#0052CC"></path><path d="M125.653 4.04521H121.135L115.994 18.7643H119.917L120.648 16.275C121.514 16.5185 122.433 16.6809 123.408 16.6809C124.355 16.6809 125.274 16.5456 126.167 16.275L126.898 18.7643H130.821L125.653 4.04521ZM123.38 13.6505C122.731 13.6505 122.082 13.5423 121.486 13.3799L123.38 6.94031L125.274 13.3799C124.679 13.5423 124.057 13.6505 123.38 13.6505Z" fill="#0052CC"></path><path d="M155.334 2.93684H161.151C166.292 2.93684 168.754 6.12959 168.754 10.8917C168.754 15.6808 166.238 18.7653 161.151 18.7653H155.334V2.93684ZM157.498 5.02023V16.7089H161.178C164.804 16.7089 166.59 14.8149 166.59 10.9728C166.59 7.13069 164.885 5.02023 161.043 5.02023H157.498Z" fill="#253858"></path><path d="M177.062 19.0079C172.57 19.0079 170.595 16.4104 170.595 12.7307C170.595 9.105 172.624 6.48046 176.277 6.48046C179.984 6.48046 181.472 9.05088 181.472 12.7307V13.6777H172.678C172.976 15.734 174.302 17.0598 177.143 17.0598C178.55 17.0598 179.713 16.7892 180.796 16.4104V18.3044C179.794 18.8185 178.279 19.0079 177.062 19.0079ZM172.651 11.8919H179.361C179.253 9.64615 178.225 8.37446 176.169 8.37446C173.977 8.37446 172.868 9.78143 172.651 11.8919Z" fill="#253858"></path><path d="M187.235 18.7644L182.554 6.72401H184.719L188.615 17.0057L192.484 6.72401H194.648L189.968 18.7644H187.235Z" fill="#253858"></path><path d="M201.737 19.0079C197.245 19.0079 195.27 16.4104 195.27 12.7307C195.27 9.105 197.299 6.48046 200.952 6.48046C204.659 6.48046 206.147 9.05088 206.147 12.7307V13.6777H197.354C197.651 15.734 198.977 17.0598 201.818 17.0598C203.225 17.0598 204.388 16.7892 205.471 16.4104V18.3044C204.497 18.8185 202.981 19.0079 201.737 19.0079ZM197.326 11.8919H204.037C203.928 9.64615 202.9 8.37446 200.844 8.37446C198.652 8.37446 197.543 9.78143 197.326 11.8919Z" fill="#253858"></path><path d="M211.829 18.8456C209.854 18.8456 208.61 17.8986 208.61 15.6799V1.69136H210.693V15.4364C210.693 16.5187 211.424 16.8975 212.316 16.8975C212.533 16.8975 212.668 16.8975 212.912 16.8704V18.7374C212.722 18.7915 212.371 18.8456 211.829 18.8456Z" fill="#253858"></path><path d="M214.049 12.7307C214.049 9.105 216.159 6.48046 219.785 6.48046C223.384 6.48046 225.467 9.105 225.467 12.7307C225.467 16.3563 223.384 19.0079 219.785 19.0079C216.159 19.0079 214.049 16.3293 214.049 12.7307ZM216.078 12.7307C216.078 15.0305 217.215 17.0869 219.785 17.0869C222.328 17.0869 223.438 15.0035 223.438 12.7307C223.438 10.4308 222.328 8.42856 219.785 8.42856C217.215 8.40151 216.078 10.4308 216.078 12.7307Z" fill="#253858"></path><path d="M229.931 16.6539V23.4724H227.848V6.72398H229.931V8.88855C230.689 7.29218 232.15 6.48046 233.99 6.48046C237.183 6.48046 238.806 9.21323 238.806 12.7307C238.806 16.1399 237.129 18.9809 233.746 18.9809C232.015 19.0079 230.662 18.2233 229.931 16.6539ZM233.449 8.40151C231.582 8.40151 229.931 9.59205 229.931 12.2436V13.2177C229.931 15.8964 231.447 17.0598 233.205 17.0598C235.532 17.0598 236.75 15.5175 236.75 12.7307C236.75 9.8626 235.613 8.40151 233.449 8.40151Z" fill="#253858"></path><path d="M247.004 19.0079C242.512 19.0079 240.537 16.4104 240.537 12.7307C240.537 9.105 242.566 6.48046 246.219 6.48046C249.926 6.48046 251.414 9.05088 251.414 12.7307V13.6777H242.62C242.918 15.734 244.244 17.0598 247.085 17.0598C248.492 17.0598 249.655 16.7892 250.737 16.4104V18.3044C249.736 18.8185 248.221 19.0079 247.004 19.0079ZM242.593 11.8919H249.303C249.195 9.64615 248.167 8.37446 246.111 8.37446C243.919 8.37446 242.81 9.78143 242.593 11.8919Z" fill="#253858"></path><path d="M255.878 18.7645H253.848V6.7241H255.878V8.83454C256.581 7.40051 257.772 6.39939 260.153 6.53468V8.56396C257.501 8.29339 255.878 9.10511 255.878 11.6485V18.7645Z" fill="#253858"></path><defs><linearGradient id="paint0_linear" x1="7.72023" y1="10.4927" x2="3.08501" y2="18.5211" gradientUnits="userSpaceOnUse"><stop stop-color="#0052CC"></stop><stop offset="0.9228" stop-color="#2684FF"></stop></linearGradient></defs></svg></div><style data-emotion-css="15lsza2">.css-15lsza2{max-height:28px;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;}.css-15lsza2 > *{max-height:24px;}@media (min-width:1280px){.css-15lsza2{display:none;}}</style><div data-testid="navigation-icon" class="css-15lsza2"><style data-emotion="css 1hj8rln">.css-1hj8rln{display:inline-block;position:relative;color:var(--logo-color);fill:var(--logo-fill);line-height:1;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;white-space:normal;height:32px;}.css-1hj8rln >svg{height:100%;fill:inherit;}.css-1hj8rln stop{stop-color:currentColor;}</style><span style="--logo-color:#2684FF;--logo-fill:currentColor" aria-label="Atlassian" role="img" class="css-1hj8rln"><svg fill="none" height="32" viewBox="0 0 32 32" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg"> <path fill="#2684FF" d="M27.545 24.378 16.96 3.208c-.208-.458-.417-.541-.667-.541-.208 0-.458.083-.708.5-1.5 2.375-2.167 5.125-2.167 8 0 4.001 2.042 7.752 5.042 13.795.334.666.584.791 1.167.791h7.335c.541 0 .833-.208.833-.625 0-.208-.042-.333-.25-.75M12.168 14.377c-.834-1.25-1.084-1.334-1.292-1.334s-.333.083-.708.834L4.875 24.46c-.167.334-.208.459-.208.625 0 .334.291.667.916.667h7.46c.5 0 .875-.416 1.083-1.208.25-1 .334-1.876.334-2.917 0-2.917-1.292-5.751-2.292-7.251"/> </svg></span></div></a><style data-emotion-css="uiquy5">.css-uiquy5{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;height:100%;position:relative;-webkit-align-items:stretch;-webkit-box-align:stretch;-ms-flex-align:stretch;align-items:stretch;-webkit-flex-basis:0;-ms-flex-preferred-size:0;flex-basis:0;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}.css-uiquy5 > *{margin:0 4px;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}</style><div class="css-uiquy5"><style data-emotion-css="le7mka">.css-le7mka{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;height:100%;position:relative;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column;}</style><div style="--button-selected-color:var(--ds-text-selected, #0052CC);--button-selected-border-color:var(--ds-border-selected, #0052CC)" class="css-le7mka"><style data-emotion="css 4mgr5f">.css-4mgr5f,.css-4mgr5f:hover,.css-4mgr5f:active,.css-4mgr5f:focus,.css-4mgr5f:visited,.css-4mgr5f:disabled,.css-4mgr5f[disabled]{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;border-radius:3px;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-family:inherit;font-weight:500;max-width:100%;position:relative;text-align:center;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47, 0.03, 0.49, 1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47, 0.03, 0.49, 1.38);white-space:nowrap;background:var(--ds-background-brand-bold, #0052CC);color:var(--ds-text-subtle, #344563);cursor:pointer;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 4px;vertical-align:middle;width:auto;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;outline:none;background-color:transparent;margin-left:0;margin-right:0;}.css-4mgr5f::-moz-focus-inner,.css-4mgr5f:hover::-moz-focus-inner,.css-4mgr5f:active::-moz-focus-inner,.css-4mgr5f:focus::-moz-focus-inner,.css-4mgr5f:visited::-moz-focus-inner,.css-4mgr5f:disabled::-moz-focus-inner,.css-4mgr5f[disabled]::-moz-focus-inner{border:0;margin:0;padding:0;}.css-4mgr5f:hover,.css-4mgr5f:hover:hover,.css-4mgr5f:active:hover,.css-4mgr5f:focus:hover,.css-4mgr5f:visited:hover,.css-4mgr5f:disabled:hover,.css-4mgr5f[disabled]:hover{color:var(--ds-text-subtle, #0052CC);background-color:var(--ds-background-neutral-hovered, rgba(222, 235, 255, 0.9));}.css-4mgr5f:focus,.css-4mgr5f:hover:focus,.css-4mgr5f:active:focus,.css-4mgr5f:focus:focus,.css-4mgr5f:visited:focus,.css-4mgr5f:disabled:focus,.css-4mgr5f[disabled]:focus{color:var(--ds-text-subtle, #344563);box-shadow:0 0 0 2px var(--ds-border-focused, #2684FF);}</style><a class="css-4mgr5f" href="/docs/" data-testid="Documentation" tabindex="0"><style data-emotion="css 178ag6o">.css-178ag6o{opacity:1;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;margin:0 2px;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;-webkit-flex-shrink:1;-ms-flex-negative:1;flex-shrink:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}</style><span class="css-178ag6o">Documentation</span><style data-emotion="css 16j5qb5">.css-16j5qb5{opacity:1;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;margin:0 2px;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;font-size:0;line-height:0;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;}</style><span class="css-16j5qb5"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="open" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M8.292 10.293a1.009 1.009 0 000 1.419l2.939 2.965c.218.215.5.322.779.322s.556-.107.769-.322l2.93-2.955a1.01 1.01 0 000-1.419.987.987 0 00-1.406 0l-2.298 2.317-2.307-2.327a.99.99 0 00-1.406 0z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></a></div><div style="--button-selected-color:var(--ds-text-selected, #0052CC);--button-selected-border-color:var(--ds-border-selected, #0052CC)" class="css-le7mka"><style data-emotion="css 4mgr5f">.css-4mgr5f,.css-4mgr5f:hover,.css-4mgr5f:active,.css-4mgr5f:focus,.css-4mgr5f:visited,.css-4mgr5f:disabled,.css-4mgr5f[disabled]{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;border-radius:3px;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-family:inherit;font-weight:500;max-width:100%;position:relative;text-align:center;-webkit-text-decoration:none;text-decoration:none;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47, 0.03, 0.49, 1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47, 0.03, 0.49, 1.38);white-space:nowrap;background:var(--ds-background-brand-bold, #0052CC);color:var(--ds-text-subtle, #344563);cursor:pointer;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 4px;vertical-align:middle;width:auto;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;outline:none;background-color:transparent;margin-left:0;margin-right:0;}.css-4mgr5f::-moz-focus-inner,.css-4mgr5f:hover::-moz-focus-inner,.css-4mgr5f:active::-moz-focus-inner,.css-4mgr5f:focus::-moz-focus-inner,.css-4mgr5f:visited::-moz-focus-inner,.css-4mgr5f:disabled::-moz-focus-inner,.css-4mgr5f[disabled]::-moz-focus-inner{border:0;margin:0;padding:0;}.css-4mgr5f:hover,.css-4mgr5f:hover:hover,.css-4mgr5f:active:hover,.css-4mgr5f:focus:hover,.css-4mgr5f:visited:hover,.css-4mgr5f:disabled:hover,.css-4mgr5f[disabled]:hover{color:var(--ds-text-subtle, #0052CC);background-color:var(--ds-background-neutral-hovered, rgba(222, 235, 255, 0.9));}.css-4mgr5f:focus,.css-4mgr5f:hover:focus,.css-4mgr5f:active:focus,.css-4mgr5f:focus:focus,.css-4mgr5f:visited:focus,.css-4mgr5f:disabled:focus,.css-4mgr5f[disabled]:focus{color:var(--ds-text-subtle, #344563);box-shadow:0 0 0 2px var(--ds-border-focused, #2684FF);}</style><a class="css-4mgr5f" href="/resources" data-testid="Resources" tabindex="0"><style data-emotion="css 178ag6o">.css-178ag6o{opacity:1;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;margin:0 2px;-webkit-box-flex:1;-webkit-flex-grow:1;-ms-flex-positive:1;flex-grow:1;-webkit-flex-shrink:1;-ms-flex-negative:1;flex-shrink:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}</style><span class="css-178ag6o">Resources</span><style data-emotion="css 16j5qb5">.css-16j5qb5{opacity:1;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;margin:0 2px;-webkit-box-flex:0;-webkit-flex-grow:0;-ms-flex-positive:0;flex-grow:0;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;font-size:0;line-height:0;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;}</style><span class="css-16j5qb5"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="open" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M8.292 10.293a1.009 1.009 0 000 1.419l2.939 2.965c.218.215.5.322.779.322s.556-.107.769-.322l2.93-2.955a1.01 1.01 0 000-1.419.987.987 0 00-1.406 0l-2.298 2.317-2.307-2.327a.99.99 0 00-1.406 0z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></a></div><style data-emotion-css="1ozpmrm">.css-1ozpmrm{width:100%;min-width:1px;margin:0px;position:relative;-webkit-flex-shrink:1;-ms-flex-negative:1;flex-shrink:1;}</style><div class="css-1ozpmrm"><div style="display:block;width:100%;position:absolute"></div></div></div></nav><style data-emotion-css="d4blq8">.css-d4blq8{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}.css-d4blq8 > *{margin-right:4px;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}</style><div class="css-d4blq8"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="16" height="16" viewBox="0 0 24 24" role="presentation"><path d="M16.436 15.085l3.94 4.01a1 1 0 01-1.425 1.402l-3.938-4.006a7.5 7.5 0 111.423-1.406zM10.5 16a5.5 5.5 0 100-11 5.5 5.5 0 000 11z" fill="currentColor" fill-rule="evenodd"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button><div class="sc-eNPDpu iARtDw"></div><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/support" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf">Support</span></span></a><style data-emotion-css="9b4v41">a.css-9b4v41{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:rgba(9,30,66,0.04);border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-9b4v41::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-9b4v41:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/account/login?returnTo=%2Fdeveloper-guide%2F" type="button" class="css-9b4v41"><span class="css-j8fq0c"><span class="css-t5emrf">Log in</span></span></a></div></header></div><div class="sc-gVZiCL BlNLE sc-hBcjXN iLnIWi"><div class="sc-jBoNkH eGFUop"><nav class="sc-fPbjcq bNgsgj"><ul class="sc-jgVwMx ixXsyz sc-dBfaGr hMVyQH"></ul><ul class="sc-dBfaGr hMVyQH"><li class="sc-hgzKov cTROs"><div class="sc-eAudoH kiTwuh"><div class="sc-hCbubC bCnCXc">Getting started</div><div class="sc-kMBllD fdgUza"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="hide" style="--icon-primary-color:#B3BAC5;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M10.294 9.698a.988.988 0 010-1.407 1.01 1.01 0 011.419 0l2.965 2.94a1.09 1.09 0 010 1.548l-2.955 2.93a1.01 1.01 0 01-1.42 0 .988.988 0 010-1.407l2.318-2.297-2.327-2.307z" fill="currentColor" fill-rule="evenodd"/></svg></span></div></div><ul class="sc-enfXDO bHbcZi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/start-building-with-atlassian/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Start building with Atlassian</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/cloud-and-data-center-for-developers/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Cloud and Data Center development</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/auth/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Authentication and authorization</span></span></span></a><ul class="sc-bLJvFH XLvQi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/connect-app-authorization/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Connect app authorization</span></span></span></a></div></li></ul></div></li></ul></li><li class="sc-hgzKov cTROs"><div class="sc-eAudoH kiTwuh"><div class="sc-hCbubC bCnCXc">Developing on cloud</div><div class="sc-kMBllD fdgUza"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="hide" style="--icon-primary-color:#B3BAC5;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M10.294 9.698a.988.988 0 010-1.407 1.01 1.01 0 011.419 0l2.965 2.94a1.09 1.09 0 010 1.548l-2.955 2.93a1.01 1.01 0 01-1.42 0 .988.988 0 010-1.407l2.318-2.297-2.327-2.307z" fill="currentColor" fill-rule="evenodd"/></svg></span></div></div><ul class="sc-enfXDO bHbcZi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/evaluate-cloud/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Evaluate cloud</span></span></span></a><ul class="sc-bLJvFH XLvQi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/cloud-development-options/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Cloud development options</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/forge-adoption-for-server-apps/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Forge adoption for server apps</span></span></span></a></div></li></ul></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/cloud-app-hosting/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Cloud app hosting</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/cloud-shared-responsibility-model/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Cloud shared responsibility model (SRM)</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/multitenancy/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Multitenancy</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo launBt"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/building-secure-preventing-xss/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Preventing XSS attacks</span></span></span></a></div></li></ul></li><li class="sc-hgzKov cTROs"><div class="sc-eAudoH kiTwuh"><div class="sc-hCbubC bCnCXc">Sharing your apps</div><div class="sc-kMBllD fdgUza"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="hide" style="--icon-primary-color:#B3BAC5;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M10.294 9.698a.988.988 0 010-1.407 1.01 1.01 0 011.419 0l2.965 2.94a1.09 1.09 0 010 1.548l-2.955 2.93a1.01 1.01 0 01-1.42 0 .988.988 0 010-1.407l2.318-2.297-2.327-2.307z" fill="currentColor" fill-rule="evenodd"/></svg></span></div></div><ul class="sc-enfXDO bHbcZi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/distribute-and-list-apps/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Distribute and list apps</span></span></span></a></div></li></ul></li><li class="sc-hgzKov cTROs"><div class="sc-eAudoH kiTwuh"><div class="sc-hCbubC bCnCXc">Getting help</div><div class="sc-kMBllD fdgUza"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="hide" style="--icon-primary-color:#B3BAC5;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M10.294 9.698a.988.988 0 010-1.407 1.01 1.01 0 011.419 0l2.965 2.94a1.09 1.09 0 010 1.548l-2.955 2.93a1.01 1.01 0 01-1.42 0 .988.988 0 010-1.407l2.318-2.297-2.327-2.307z" fill="currentColor" fill-rule="evenodd"/></svg></span></div></div><ul class="sc-enfXDO bHbcZi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/using-the-documentation/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Explore the documentation</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/help-and-feedback/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Get help and give feedback</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/how-to-report-an-incident/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Submit a critical incident ticket</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/check-incident-updates/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Check incident updates</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/app-incident-severity-levels/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">App incident severity levels</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/communication-channels/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Atlassian communication channels</span></span></span></a></div></li><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/glossary/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Glossary</span></span></span></a></div></li></ul></li><li class="sc-hgzKov cTROs"><div class="sc-eAudoH kiTwuh"><div class="sc-hCbubC bCnCXc">Integrating with our products</div><div class="sc-kMBllD fdgUza"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span role="img" aria-label="hide" style="--icon-primary-color:#B3BAC5;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M10.294 9.698a.988.988 0 010-1.407 1.01 1.01 0 011.419 0l2.965 2.94a1.09 1.09 0 010 1.548l-2.955 2.93a1.01 1.01 0 01-1.42 0 .988.988 0 010-1.407l2.318-2.297-2.327-2.307z" fill="currentColor" fill-rule="evenodd"/></svg></span></div></div><ul class="sc-enfXDO bHbcZi"><li class="sc-eQGPmX ebjqXf"><div class="sc-hMjcWo jOJzhX"><style data-emotion-css="1pys61m">a.css-1pys61m{-webkit-align-items:baseline;-webkit-box-align:baseline;-ms-flex-align:baseline;align-items:baseline;border-width:0;box-sizing:border-box;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:inherit;font-style:normal;font-weight:500;max-width:100%;outline:none !important;text-align:center;-webkit-text-decoration:none;text-decoration:none;white-space:nowrap;background:none;border-radius:3px;box-shadow:0 0 0 2px inherit;color:#42526E !important;cursor:default;height:2.2857142857142856em;line-height:2.2857142857142856em;padding:0 8px;-webkit-transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);transition:background 0.1s ease-out,box-shadow 0.15s cubic-bezier(0.47,0.03,0.49,1.38);-webkit-transition-duration:0.1s,0.15s;transition-duration:0.1s,0.15s;vertical-align:middle;width:auto;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI','Roboto','Oxygen','Ubuntu','Fira Sans','Droid Sans','Helvetica Neue',sans-serif;}a.css-1pys61m::-moz-focus-inner{border:0;margin:0;padding:0;}a.css-1pys61m:hover{-webkit-text-decoration:inherit;text-decoration:inherit;}</style><a href="/developer-guide/jira-integration-guidelines/" type="button" class="css-1pys61m"><style data-emotion-css="j8fq0c">.css-j8fq0c{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;-webkit-flex-wrap:nowrap;-ms-flex-wrap:nowrap;flex-wrap:nowrap;max-width:100%;position:relative;}</style><span class="css-j8fq0c"><style data-emotion-css="t5emrf">.css-t5emrf{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin:0 4px;max-width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-webkit-transition:opacity 0.3s;transition:opacity 0.3s;opacity:1;}</style><span class="css-t5emrf"><span class="sc-dAOnuy gupbxx">Jira integration guidelines</span></span></span></a></div></li></ul></li></ul></nav><div class="sc-fjNYmT cRavQB"><div class="sc-hzOKmB gWIkLp"><div class="sc-grYksN jGqvBW"><span class="sc-frudsx hsaQyA"><span class="sc-cBXKeB bWkibq">Last updated May 30, 2023</span></span></div></div><div class="sc-hdNmWC huMuzN"><div class="sc-imDdex hYifdp"><div class="sc-cBrjTV crKIBs"><h1 id="preventing-xss-attacks">Preventing XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h1><div class="sc-lffWgi iLIKSx"><div class="sc-fGSyRc eysgIS" width="192"><div class="sc-jkPxnQ cLWHVF"></div></div></div> <div class="sc-hkaZBZ bsbZCT"><section class="sc-giOsra cEicjz"><div class="sc-jOVcOr ccUuQb"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn &gt;svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn &gt;svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn &gt;svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span aria-hidden="true" style="--icon-primary-color:#0747A6;--icon-secondary-color:#DEEBFF" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill-rule="evenodd"><path d="M2 12c0 5.523 4.477 10 10 10s10-4.477 10-10S17.523 2 12 2 2 6.477 2 12z" fill="currentColor"></path><rect fill="inherit" x="11" y="10" width="2" height="7" rx="1"></rect><circle fill="inherit" cx="12" cy="8" r="1"></circle></g></svg></span></div><div class="sc-SFOxd KLVHW"><h1 id="did-you-know" class="sc-jOBXIr ebpAmp">Did you know<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h1><div class="sc-dzOgQY RfwMt"> <p>The most common type of marketplace app vulnerability reported through the Atlassian bug bounty program are Cross-Site Scripting (XSS) attacks.</p> </div></div></section></div> <p>Cross-site scripting (XSS) is a web security vulnerability that allows an attacker to compromise interactions that users have with a vulnerable web application by injecting malicious code.</p> <p>This page provides a basic introduction to the different types of XSS attacks with reference to Atlassian Cloud apps, outlines the built-in security our cloud platforms provide, and provides information on preventing XSS attacks in Atlassian cloud apps.</p> <h2 id="what-is-cross-site-scripting--xss--">What is cross site scripting (XSS)?<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <p>XSS attacks happen when malicious scripts are injected into what would usually be considered a safe or trustworthy site. Attackers use a web application to send malicious code (generally in the form of a browser side script) to another end user.</p> <p>These kinds of attacks are quite widespread, with the potential to occur anywhere a web application uses input from a user within the output it generates (without validating or encoding it).</p> <p>These attacks can expose the end users session tokens or any other sensitive information retained by the browser and used within the affected site. They could also result in redirecting the victim to web content controlled by the attacker, or having the user unintentionally make a malicious call to an API, allowing the attacker to obtain sensitive information.</p> <p>XSS attacks often take the form of Javascript, but may also include HTML - or any other code the browser could execute.</p> <h2 id="types-of-xss-attacks">Types of XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <h3 id="stored---persistent-xss-attacks">Stored / persistent XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Stored attacks are those where the injected script is permanently stored on the target servers, this could be data entered into a field and then stored by an app - either through storage provided by Atlassian, such as Entity Properties and Forge Storage API, or data collected by your app and stored elsewhere.</p> <p>When the stored data is then retrieved and displayed for a user, if precautions are not taken to properly escape or encode those scripts, they may be executed as though they were run by the trusted user.</p> <h3 id="reflected---non-persistent-xss-attacks">Reflected / non-persistent XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Reflected or non-persistent attacks occur when a page renders a value taken from a request URL, header, or body without properly encoding the content first.</p> <p>The attack typically starts with the attacker finding a vulnerable input field, typically a URL or a form input field that accepts a payload of JavaScript, HTML, or other client-side scripting languages. The attacker then attempts to trick a victim into clicking the link - allowing the malicious script to run on the victim&#x27;s browser as if it is a legitimate input from the trusted user.</p> <p>One classic example of this is a search tool - an attacker might enter a search query that contains malicious code, such as JavaScript, into the search input field. The search tool might then echo back the query in the search results page without properly sanitizing or encoding it, allowing the malicious code to be executed in the user&#x27;s browser.</p> <p>A reflected attack is typically delivered via email or a neutral website. The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector.</p> <h3 id="dom-based-xss-attacks">DOM-based XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>DOM based XSS attacks are similar to reflected attacks, but occur when a web application uses JavaScript to dynamically modify the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model/Introduction" target="_blank">Document Object Model (DOM)<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a> of a web page without properly validating or sanitizing user input.</p> <p>In a DOM-based XSS attack, the malicious data does not touch the web server. Rather, it is being reflected by the JavaScript code, fully on the client side</p> <p>Atlassian Connect and Forge apps loaded in an iframe do not have direct access to modify the DOM of the host application, since JavaScript code running inside an iframe is subject to the same-origin policy, restricting access to the host products DOM. They can however, modify the host application&#x27;s DOM through the use of the Atlassian Connect JavaScript API.</p> <h2 id="how-do-you-know-if-you-re-vulnerable-">How do you know if you’re vulnerable?<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <p>One of the best ways to prevent XSS attacks is to perform an audit of all user inputs in your app to determine what makes its way to HTML output without being validated or encoded (there are a number of available free and paid tools to help with this including OWASP Zap and Burp Suite, to name just a couple) - see <a href="https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools" target="_blank">Free for Open Source Application Security Tools<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a> and <a href="https://owasp.org/www-community/Vulnerability_Scanning_Tools" target="_blank">Vulnerability Scanning Tools<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a> for information about available tools.</p> <p>It’s also helpful to know that while modern web frameworks (React, Vue and Angular for example) often have good security practises built in - there may be times when you need to do something outside the protection offered within your framework. In these situations it’s important to use output encoding and HTML sanitization.</p> <h2 id="atlassian-cloud-platform-security">Atlassian cloud platform security<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <h3 id="forge-ui-kit-apps">Forge UI kit apps<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Apps built with Forge UI kit use a declarative UI to build the user interface. Apps implement functions to compose UI kit components. The functions run on the server-side. Sandboxing UI functions in the UI kit makes the rendered UI secure, as no app code executes in the browser. This sandboxing also makes use of the security and isolation mechanisms that are used by the Forge back-end infrastructure.</p> <h3 id="forge-custom-ui-apps">Forge Custom UI apps<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Apps built with Forge Custom UI allow users to build their own user interface using static resources, such as HTML, CSS, JavaScript, and images. The Forge platform hosts those static resources, enabling Custom UI apps to display on Atlassian products.</p> <p>Because custom UI apps are hosted by Atlassian, these apps can enforce sandboxing of the static resources that are run in the user&#x27;s browser. This is done by using <a href="/developer-guide/building-secure-preventing-xss/#create-a-content-security-policy--csp-" target="_self">content security policy (CSP)</a> headers that provide protection against common security vulnerabilities, such as cross-site scripting (XSS) and data injection.</p> <h3 id="connect-apps">Connect apps<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>The <strong>Connect app model</strong> places app content inside an iframe which provides some protection for XSS vulnerability, however connect iFrames are pre-configured to have access to functions, actions and requests within the Atlassian cloud application - which is more than what a standard iframe would normally be able to access.</p> <p>This means that the XSS vulnerabilities could result in a third party gaining access to any / all data a user has access to, as you will see in the glitch example below.</p> <p>If you’re offering your Connect App on the Atlassian Marketplace, you are required to set a <a href="/developer-guide/building-secure-preventing-xss/#create-a-content-security-policy--csp-" target="_self">Content Security Policy (CSP)</a> Header as outlined in the <a href="https://developer.atlassian.com/platform/marketplace/security-requirements/#connect-apps" target="_self">cloud app security requirements</a> policy.</p> <h2 id="how-to-protect-your-app-against-xss-attacks">How to protect your app against XSS attacks<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <p>A successful XSS attack occurs when an attacker is able to insert and execute malicious content into a webpage, so to provide the best protection against XSS vulnerabilities in your app every input must be validated, and escaped or sanitised.</p> <h3 id="validation">Validation<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Whenever your app receives user input, you should validate it at the point when it is received.</p> <p>For example: If a user supplies a value that is expected to be an email address, validate that the only contains the expected characters</p> <p>Ideally, if an input fails validation it should be blocked. An alternative approach could be to attempt to ‘clean’ input to make it valid - however, this approach is more prone to errors and should be avoided if possible (see <a href="/developer-guide/building-secure-preventing-xss/#sanitisation" target="_self">Sanitization</a> below for more information on this).</p> <h3 id="escaping-user-inputs">Escaping user inputs<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Whenever user input data is displayed, it must be encoded/escaped to ensure characters are treated as plain text rather than executable code.</p> <div class="sc-hkaZBZ bsbZCT"><section class="sc-giOsra cWyolX"><div class="sc-jOVcOr ccUuQb"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn &gt;svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn &gt;svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn &gt;svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span aria-hidden="true" style="--icon-primary-color:#006644;--icon-secondary-color:#E3FCEF" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M11.998 4A5.997 5.997 0 006 9.998c0 2.218 2.288 4.484 2.288 4.484.39.387.71 1.112.71 1.611 0 .499.45.907 1 .907h4c.55 0 1-.408 1-.907 0-.499.32-1.224.71-1.611 0 0 2.288-2.266 2.288-4.484A5.997 5.997 0 0011.998 4zm2.965 15c0-.55-.45-1-1-1h-4c-.55 0-1 .45-1 1v.003c0 .55.45 1 1 1h4c.55 0 1-.45 1-1V19z" fill="currentColor" fill-rule="evenodd"></path></svg></span></div><div class="sc-SFOxd KLVHW"><h1 id="what-s-the-difference-between-escaping--encoding-and-sanitising-" class="sc-jOBXIr ebpAmp">What&#x27;s the difference between escaping, encoding and sanitising?<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h1><div class="sc-dzOgQY RfwMt"> <p>In the security field, the term escaping is often used as a synonym for encoding, however there are some distinctions between the two.</p> <p>Input encoding is the process of replacing parts of the input that could be dangerous with a different representation, to ensure that it can be safely used by an application.</p> <p>Input escaping is a subset of encoding, the process of transforming parts of the input that could be dangerous using special characters called escape characters, so that it can be safely used by an application without it being interpreted as code.</p> <p>Input escaping and encoding are completely reversible - an encoded string can be decoded back into its original value.</p> <p>Sanitization on the other hand involves removing the parts of the input that could be dangerous entirely in order to make it safe. This process is not reversible.</p> </div></div></section></div> <p>Modern frameworks will mostly encode input by default, however there are ways to work around their in-built security which it’s useful to be aware of. Older frameworks tended to take the opposite approach - the built in security needed to be turned on explicitly.</p> <p>The table below gives some examples of safe and unsafe ways of outputting user controlled data:</p> <div class="sc-jdfcpN jMPRQO"><table node="[object Object]"><thead class="sc-eNNmBn igxxMf"><tr class="sc-eEieub jPqTBr"><th class="sc-kNBZmU lhcjXP">Framework</th><th class="sc-kNBZmU lhcjXP">Dangerous</th><th class="sc-kNBZmU lhcjXP">Safe</th></tr></thead><tbody><tr class="sc-eEieub jPqTBr"><td class="sc-eopZyb gzVyrk">Angular</td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>bypassSecurityTrustHtml()</code></span></span> or <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>trustAsHtml()</code></span></span> or <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>ElementRef</code></span></span></td><td class="sc-eopZyb gzVyrk">otherwise secure by default (including <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>innerHTML</code></span></span>)</td></tr><tr class="sc-eEieub jPqTBr"><td class="sc-eopZyb gzVyrk">Javascript</td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>innerHTML</code></span></span></td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>innerText</code></span></span></td></tr><tr class="sc-eEieub jPqTBr"><td class="sc-eopZyb gzVyrk">jQuery</td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>html()</code></span></span></td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>text()</code></span></span></td></tr><tr class="sc-eEieub jPqTBr"><td class="sc-eopZyb gzVyrk">JSP</td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>${variable}</code></span></span></td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>&lt;c:out value=&quot;${variable}&quot;&gt;</code></span></span> or <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>${fn:escapeXml(variable)}</code></span></span></td></tr><tr class="sc-eEieub jPqTBr"><td class="sc-eopZyb gzVyrk">React</td><td class="sc-eopZyb gzVyrk"><span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>dangerouslySetInnerHTML</code></span></span>, <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>findDOMNode</code></span></span>, <span class="sc-jdeSqf cQNBrn"><span style="font-family:function () { return &quot;&#x27;SFMono-Medium&#x27;, &#x27;SF Mono&#x27;, &#x27;Segoe UI Mono&#x27;, &#x27;Roboto Mono&#x27;, &#x27;Ubuntu Mono&#x27;, Menlo, Consolas, Courier, monospace&quot;; };font-size:inherit;background:#F4F5F7;color:#172B4D;border-radius:3px;display:inline;overflow-x:auto;white-space:pre-wrap;padding:2px 4px;line-height:inherit"><code>createRef</code></span></span></td><td class="sc-eopZyb gzVyrk">otherwise secure by default</td></tr></tbody></table></div> <h3 id="sanitization">Sanitization<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>Sanitization is the process of making user input safe by entirely removing potentially malicious characters. It differs to Encoding because it involves removing parts of the data.</p> <p>Sanitization can be difficult to implement well - the process is considered to be complex, and prone to errors.</p> <p>So, when would you want to use Sanitization over Encoding / Escaping?</p> <p>There are sometimes cases where you might want to work with un-escaped HTML. While the recommendation is to avoid it wherever possible, or considering an alternative approach such as Transpiling HTML from another markup language, I have provided some guidance</p> <h4 id="html-sanitization">HTML sanitization<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h4> <p>Sanitization of HTML involves removing potentially malicious content, typically based on an <strong>allow list</strong> of elements and attributes, and a <strong>deny list</strong> of attribute values. This is very hard to get right, browsers are constantly evolving and so does their functionality, and with those changes possible vectors for malicious code are discovered.</p> <p>For that reason, if working with user-defined HTML we suggest you consider:</p> <ul> <li>Using a framework that handles output encoding for you, or</li> <li>Using a tool such as <a href="https://github.com/cure53/DOMPurify" target="_blank">DOMPurify<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a> to sanitise your content</li> </ul> <div class="sc-hkaZBZ bsbZCT"><section class="sc-giOsra hEREHr"><div class="sc-jOVcOr ccUuQb"><style data-emotion="css snhnyn">.css-snhnyn{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;}.css-snhnyn &gt;svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-snhnyn &gt;svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-snhnyn &gt;svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}</style><span aria-hidden="true" style="--icon-primary-color:#FF8B00;--icon-secondary-color:#FFFAE6" class="css-snhnyn"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill-rule="evenodd"><path d="M12.938 4.967c-.518-.978-1.36-.974-1.876 0L3.938 18.425c-.518.978-.045 1.771 1.057 1.771h14.01c1.102 0 1.573-.797 1.057-1.771L12.938 4.967z" fill="currentColor"></path><path d="M12 15a1 1 0 01-1-1V9a1 1 0 012 0v5a1 1 0 01-1 1m0 3a1 1 0 010-2 1 1 0 010 2" fill="inherit"></path></g></svg></span></div><div class="sc-SFOxd KLVHW"><h1 id="important" class="sc-jOBXIr ebpAmp">Important<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h1><div class="sc-dzOgQY RfwMt"> You must regularly patch DOMPurify or other HTML Sanitization libraries that you use. Browsers change functionality and bypasses are being discovered regularly. </div></div></section></div> <h3 id="create-a-content-security-policy--csp-">Create a Content Security Policy (CSP)<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h3> <p>A Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks including Cross-Site scripting attacks.</p> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" target="_blank">Learn more about implementing a Content Security Policy<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a></li> <li><a href="https://developer.atlassian.com/platform/forge/add-content-security-and-egress-controls/" target="_self">Using Content Security Policies in Forge</a></li> </ul> <h2 id="example-app-with-xss-vulnerabilities">Example app with XSS vulnerabilities<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <p>We’ve built a very simple connect app in Glitch to show how an XSS vulnerability might occur, and provided examples of steps taken to validate, sanitise and escape the input to prevent the vulnerability.</p> <p>Warning: Do not install this app on any site that contains sensitive data. We strongly encourage you to either use an existing development / testing cloud instance or to create a new temporary cloud instance on which to experiment with this app.</p> <p>Go to <a href="https://glitch.com/edit/#!/atlassian-connect-xss-demo" target="_blank">https://glitch.com/edit/#!/atlassian-connect-xss-demo<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a> to try it out.</p> <h2 id="further-reading">Further reading<span role="presentation" class="heading-anchor-wrapper"><button class="sc-iCwjlJ bIjwqY"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span role="img" aria-label="copy" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M12.856 5.457l-.937.92a1.002 1.002 0 000 1.437 1.047 1.047 0 001.463 0l.984-.966c.967-.95 2.542-1.135 3.602-.288a2.54 2.54 0 01.203 3.81l-2.903 2.852a2.646 2.646 0 01-3.696 0l-1.11-1.09L9 13.57l1.108 1.089c1.822 1.788 4.802 1.788 6.622 0l2.905-2.852a4.558 4.558 0 00-.357-6.82c-1.893-1.517-4.695-1.226-6.422.47"/><path d="M11.144 19.543l.937-.92a1.002 1.002 0 000-1.437 1.047 1.047 0 00-1.462 0l-.985.966c-.967.95-2.542 1.135-3.602.288a2.54 2.54 0 01-.203-3.81l2.903-2.852a2.646 2.646 0 013.696 0l1.11 1.09L15 11.43l-1.108-1.089c-1.822-1.788-4.802-1.788-6.622 0l-2.905 2.852a4.558 4.558 0 00.357 6.82c1.893 1.517 4.695 1.226 6.422-.47"/></g></svg></span></button></span></h2> <p>If you&#x27;d like to learn more about the topics on this page, the following pages are a great place to start.</p> <p><a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" target="_blank">OWASP Cheat Sheet Series: Cross Site Scripting Prevention<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a></p> <p><a href="https://portswigger.net/web-security/cross-site-scripting/preventing" target="_blank">Portswigger: How to prevent XSS<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a></p> <p><a href="https://web.dev/csp/" target="_blank">web.dev: Content security policy<style data-emotion="css 1wits42">.css-1wits42{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:16px;height:16px;}.css-1wits42 >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1wits42 >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1wits42 >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1wits42 >svg{width:16px;height:16px;}</style><span role="img" aria-label="Follow" style="--icon-primary-color:currentColor;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1wits42"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><g fill="currentColor" fill-rule="evenodd"><path d="M11.031 7A1.03 1.03 0 0010 8.036a1.05 1.05 0 001.044 1.045l3.121.014.014 3.121a1.05 1.05 0 001.045 1.044 1.03 1.03 0 001.036-1.035l-.019-4.161a1.053 1.053 0 00-1.045-1.045L11.035 7h-.004z"/><path d="M13.364 8.292l-7.072 7.071a1.002 1.002 0 000 1.415c.39.39 1.024.39 1.415 0l7.071-7.071A1.002 1.002 0 0014.071 8a1 1 0 00-.707.292z"/></g></svg></span></a></p></div><div class="sc-dCVVYJ rJVhP"><div class="sc-hARARD hrxrbx"><p class="sc-ccLTTT gfLKuW">Rate this page:</p><style data-emotion-css="fwv93l">.css-fwv93l{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;font-size:0;}.css-fwv93l [data-rating-icon-checked]{display:inline-block;}.css-fwv93l [data-rating-icon]{display:none;}.css-fwv93l label:hover ~ label [data-rating-icon-checked][data-rating-icon-checked],.css-fwv93l input:checked ~ label [data-rating-icon-checked]{display:none;}.css-fwv93l label:hover ~ label [data-rating-icon][data-rating-icon],.css-fwv93l input:checked ~ label [data-rating-icon]{display:inline-block;}.css-fwv93l:hover [data-rating-icon-checked][data-rating-icon-checked]{display:inline-block;}.css-fwv93l:hover [data-rating-icon][data-rating-icon]{display:none;}</style><div class="css-fwv93l"><style data-emotion-css="i9qcsw">.css-i9qcsw{border:0 !important;-webkit-clip:rect(1px,1px,1px,1px) !important;clip:rect(1px,1px,1px,1px) !important;height:1px !important;overflow:hidden !important;padding:0 !important;position:absolute !important;width:1px !important;white-space:nowrap !important;}</style><label for="rating-bottom--empty" class="css-i9qcsw"></label><input type="radio" id="rating-bottom--empty" name="rating-bottom" checked="" class="css-i9qcsw"/><label for="rating-bottom--0" style="transition:transform 100ms cubic-bezier(0.15,1,0.3,1)"><div role="presentation"><div><span class="css-i9qcsw">Unusable</span><span aria-hidden="true" data-rating-icon="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 16.373l3.98 2.193-.76-4.655 3.276-3.347-4.524-.69L12 5.687l-1.972 4.189-4.524.689L8.78 13.91l-.762 4.655L12 16.373zm0 2.283l-3.016 1.662a2 2 0 01-2.939-2.075l.599-3.656-2.57-2.624a2 2 0 011.129-3.377l3.47-.528 1.518-3.224a2 2 0 013.618 0l1.519 3.224 3.47.528a2 2 0 011.127 3.377l-2.569 2.624.599 3.656a2 2 0 01-2.94 2.075L12 18.656z" fill="currentColor"/></svg></span></span><span aria-hidden="true" data-rating-icon-checked="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12.072 17.284l-3.905 2.053a1 1 0 01-1.451-1.054l.745-4.349-3.159-3.08a1 1 0 01.554-1.705l4.366-.635 1.953-3.956a1 1 0 011.794 0l1.952 3.956 4.366.635a1 1 0 01.555 1.705l-3.16 3.08.746 4.349a1 1 0 01-1.45 1.054l-3.906-2.053z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></div></div></label><input type="radio" id="rating-bottom--0" value="1" name="rating-bottom" class="css-i9qcsw"/><label for="rating-bottom--1" style="transition:transform 100ms cubic-bezier(0.15,1,0.3,1)"><div role="presentation"><div><span class="css-i9qcsw">Poor</span><span aria-hidden="true" data-rating-icon="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 16.373l3.98 2.193-.76-4.655 3.276-3.347-4.524-.69L12 5.687l-1.972 4.189-4.524.689L8.78 13.91l-.762 4.655L12 16.373zm0 2.283l-3.016 1.662a2 2 0 01-2.939-2.075l.599-3.656-2.57-2.624a2 2 0 011.129-3.377l3.47-.528 1.518-3.224a2 2 0 013.618 0l1.519 3.224 3.47.528a2 2 0 011.127 3.377l-2.569 2.624.599 3.656a2 2 0 01-2.94 2.075L12 18.656z" fill="currentColor"/></svg></span></span><span aria-hidden="true" data-rating-icon-checked="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12.072 17.284l-3.905 2.053a1 1 0 01-1.451-1.054l.745-4.349-3.159-3.08a1 1 0 01.554-1.705l4.366-.635 1.953-3.956a1 1 0 011.794 0l1.952 3.956 4.366.635a1 1 0 01.555 1.705l-3.16 3.08.746 4.349a1 1 0 01-1.45 1.054l-3.906-2.053z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></div></div></label><input type="radio" id="rating-bottom--1" value="2" name="rating-bottom" class="css-i9qcsw"/><label for="rating-bottom--2" style="transition:transform 100ms cubic-bezier(0.15,1,0.3,1)"><div role="presentation"><div><span class="css-i9qcsw">Okay</span><span aria-hidden="true" data-rating-icon="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 16.373l3.98 2.193-.76-4.655 3.276-3.347-4.524-.69L12 5.687l-1.972 4.189-4.524.689L8.78 13.91l-.762 4.655L12 16.373zm0 2.283l-3.016 1.662a2 2 0 01-2.939-2.075l.599-3.656-2.57-2.624a2 2 0 011.129-3.377l3.47-.528 1.518-3.224a2 2 0 013.618 0l1.519 3.224 3.47.528a2 2 0 011.127 3.377l-2.569 2.624.599 3.656a2 2 0 01-2.94 2.075L12 18.656z" fill="currentColor"/></svg></span></span><span aria-hidden="true" data-rating-icon-checked="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12.072 17.284l-3.905 2.053a1 1 0 01-1.451-1.054l.745-4.349-3.159-3.08a1 1 0 01.554-1.705l4.366-.635 1.953-3.956a1 1 0 011.794 0l1.952 3.956 4.366.635a1 1 0 01.555 1.705l-3.16 3.08.746 4.349a1 1 0 01-1.45 1.054l-3.906-2.053z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></div></div></label><input type="radio" id="rating-bottom--2" value="3" name="rating-bottom" class="css-i9qcsw"/><label for="rating-bottom--3" style="transition:transform 100ms cubic-bezier(0.15,1,0.3,1)"><div role="presentation"><div><span class="css-i9qcsw">Good</span><span aria-hidden="true" data-rating-icon="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 16.373l3.98 2.193-.76-4.655 3.276-3.347-4.524-.69L12 5.687l-1.972 4.189-4.524.689L8.78 13.91l-.762 4.655L12 16.373zm0 2.283l-3.016 1.662a2 2 0 01-2.939-2.075l.599-3.656-2.57-2.624a2 2 0 011.129-3.377l3.47-.528 1.518-3.224a2 2 0 013.618 0l1.519 3.224 3.47.528a2 2 0 011.127 3.377l-2.569 2.624.599 3.656a2 2 0 01-2.94 2.075L12 18.656z" fill="currentColor"/></svg></span></span><span aria-hidden="true" data-rating-icon-checked="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12.072 17.284l-3.905 2.053a1 1 0 01-1.451-1.054l.745-4.349-3.159-3.08a1 1 0 01.554-1.705l4.366-.635 1.953-3.956a1 1 0 011.794 0l1.952 3.956 4.366.635a1 1 0 01.555 1.705l-3.16 3.08.746 4.349a1 1 0 01-1.45 1.054l-3.906-2.053z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></div></div></label><input type="radio" id="rating-bottom--3" value="4" name="rating-bottom" class="css-i9qcsw"/><label for="rating-bottom--4" style="transition:transform 100ms cubic-bezier(0.15,1,0.3,1)"><div role="presentation"><div><span class="css-i9qcsw">Excellent</span><span aria-hidden="true" data-rating-icon="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12 16.373l3.98 2.193-.76-4.655 3.276-3.347-4.524-.69L12 5.687l-1.972 4.189-4.524.689L8.78 13.91l-.762 4.655L12 16.373zm0 2.283l-3.016 1.662a2 2 0 01-2.939-2.075l.599-3.656-2.57-2.624a2 2 0 011.129-3.377l3.47-.528 1.518-3.224a2 2 0 013.618 0l1.519 3.224 3.47.528a2 2 0 011.127 3.377l-2.569 2.624.599 3.656a2 2 0 01-2.94 2.075L12 18.656z" fill="currentColor"/></svg></span></span><span aria-hidden="true" data-rating-icon-checked="true"><style data-emotion="css 1afrefi">.css-1afrefi{display:inline-block;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;line-height:1;width:24px;height:24px;}.css-1afrefi >svg{overflow:hidden;pointer-events:none;max-width:100%;max-height:100%;color:var(--icon-primary-color);fill:var(--icon-secondary-color);vertical-align:bottom;}.css-1afrefi >svg stop{stop-color:currentColor;}@media screen and (forced-colors: active){.css-1afrefi >svg{-webkit-filter:grayscale(1);filter:grayscale(1);--icon-primary-color:CanvasText;--icon-secondary-color:Canvas;}}.css-1afrefi >svg{width:24px;height:24px;}</style><span aria-hidden="true" style="--icon-primary-color:#6B778C;--icon-secondary-color:var(--ds-surface, #FFFFFF)" class="css-1afrefi"><svg width="24" height="24" viewBox="0 0 24 24" role="presentation"><path d="M12.072 17.284l-3.905 2.053a1 1 0 01-1.451-1.054l.745-4.349-3.159-3.08a1 1 0 01.554-1.705l4.366-.635 1.953-3.956a1 1 0 011.794 0l1.952 3.956 4.366.635a1 1 0 01.555 1.705l-3.16 3.08.746 4.349a1 1 0 01-1.45 1.054l-3.906-2.053z" fill="currentColor" fill-rule="evenodd"/></svg></span></span></div></div></label><input type="radio" id="rating-bottom--4" value="5" name="rating-bottom" class="css-i9qcsw"/></div></div><div class="sc-eNPDpu iARtDw"></div></div></div></div></div><div class="sc-eNPDpu iARtDw"></div></div></div><div class="sc-jUpvKA kmRqgF"><footer class="sc-hvvHee APFeF"><div class="sc-eSePXt hbQcmX sc-fvLVrH dUcFyG"><a class="sc-iIHjhz RSHIw" href="https://www.atlassian.com/"><style data-emotion="css 1gskvga">.css-1gskvga{display:inline-block;position:relative;color:var(--logo-color);fill:var(--logo-fill);line-height:1;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;white-space:normal;height:24px;}.css-1gskvga >svg{height:100%;fill:inherit;}.css-1gskvga stop{stop-color:currentColor;}</style><span style="--logo-color:#5E6C84;--logo-fill:#5E6C84" aria-label="Atlassian" role="img" class="css-1gskvga"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 198 32" focusable="false" aria-hidden="true" height="32" fill="none"> <path fill=#5E6C84 d="M22.878 24.378 12.293 3.208c-.208-.458-.416-.541-.666-.541-.209 0-.459.083-.709.5-1.5 2.375-2.167 5.125-2.167 8 0 4.001 2.042 7.752 5.043 13.794.333.667.583.792 1.166.792h7.335c.542 0 .833-.208.833-.625 0-.208-.041-.333-.25-.75M7.501 14.377c-.833-1.25-1.083-1.334-1.292-1.334s-.333.083-.708.834L.208 24.46c-.166.334-.208.459-.208.625 0 .334.292.667.917.667h7.46c.5 0 .874-.416 1.083-1.208.25-1 .333-1.876.333-2.917 0-2.917-1.292-5.751-2.292-7.251z"/> <path fill=#5E6C84 d="M107.447 10.828c0 2.972 1.345 5.308 6.795 6.37 3.185.707 3.893 1.203 3.893 2.265 0 1.061-.708 1.698-2.973 1.698-2.619 0-5.733-.92-7.785-2.123v4.813c1.627.778 3.751 1.698 7.785 1.698 5.662 0 7.856-2.548 7.856-6.228m0 .07c0-3.538-1.84-5.166-7.148-6.298-2.902-.637-3.61-1.274-3.61-2.194 0-1.133 1.062-1.628 2.973-1.628 2.335 0 4.6.708 6.794 1.698v-4.6c-1.557-.779-3.892-1.345-6.653-1.345-5.237 0-7.927 2.265-7.927 5.945m72.475-5.803v20.17h4.318V9.979l1.769 4.035 6.087 11.324h5.379V5.166h-4.247v13.022l-1.628-3.821-4.883-9.201zm-27.319 0h-4.671v20.17h4.671zm-10.05 14.154c0-3.538-1.841-5.166-7.149-6.298-2.902-.637-3.609-1.274-3.609-2.194 0-1.133 1.061-1.628 2.972-1.628 2.336 0 4.601.708 6.795 1.699v-4.6c-1.557-.78-3.893-1.346-6.653-1.346-5.238 0-7.927 2.265-7.927 5.946 0 2.972 1.344 5.308 6.794 6.37 3.185.707 3.893 1.203 3.893 2.264 0 1.062-.708 1.699-2.973 1.699-2.618 0-5.733-.92-7.785-2.123v4.812c1.628.779 3.751 1.699 7.785 1.699 5.592 0 7.857-2.548 7.857-6.3M71.069 5.166v20.17h9.625l1.486-4.387h-6.44V5.166zm-19.039 0v4.317h5.167v15.854h4.741V9.483h5.592V5.166zm-6.866 0h-6.157L32 25.336h5.379l.99-3.396c1.204.353 2.478.566 3.752.566s2.548-.213 3.751-.567l.991 3.398h5.379c-.07 0-7.078-20.171-7.078-20.171M42.05 18.259c-.92 0-1.77-.141-2.548-.354L42.05 9.13l2.548 8.776a9.6 9.6 0 0 1-2.548.354zM97.326 5.166H91.17l-7.078 20.17h5.38l.99-3.396c1.203.353 2.477.566 3.751.566s2.548-.213 3.751-.567l.991 3.398h5.379zm-3.114 13.093c-.92 0-1.77-.141-2.548-.354l2.548-8.776 2.548 8.776a9.6 9.6 0 0 1-2.548.354m75.306-13.093h-6.157l-7.007 20.17h5.379l.991-3.396c1.203.353 2.477.566 3.751.566s2.548-.213 3.751-.567l.991 3.398h5.379zm-3.043 13.093c-.92 0-1.77-.141-2.548-.354l2.548-8.776 2.548 8.776a10 10 0 0 1-2.548.354"/> </svg></span></a><nav class="sc-dXfzlN insOyI"><a class="sc-iIHjhz RSHIw" href="/changelog/">Changelog</a><a class="sc-iIHjhz RSHIw" target="_blank" href="https://status.developer.atlassian.com">System status</a><a class="sc-iIHjhz RSHIw" target="_blank" href="https://www.atlassian.com/legal/privacy-policy">Privacy</a><a class="atl-policy-link atl-policy-link-text sc-iIHjhz RSHIw" target="_blank" href="https://www.atlassian.com/legal/privacy-policy#additional-disclosures-for-ca-residents">Notice at Collection</a><a class="sc-iIHjhz RSHIw" target="_blank" href="/platform/marketplace/atlassian-developer-terms/">Developer Terms</a><a class="sc-iIHjhz RSHIw" target="_blank" href="https://www.atlassian.com/legal/trademark">Trademark</a><a class="optanon-toggle-display hide-optanon-link sc-iIHjhz RSHIw">Cookie preferences</a><span class="sc-aewfc fDSCxc">© <!-- -->2025<!-- --> Atlassian</span></nav></div></footer></div></div><script nonce="5BHBW9r9DicVrF7kk1LLhBJmyHzyNCJGw/hfG7wL8q0=" type="text/javascript">(function(){var g=function(e,h,f,g){ this.get=function(a){for(var a=a+"=",c=document.cookie.split(";"),b=0,e=c.length;b<e;b++){for(var d=c[b];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null}; this.set=function(a,c){var b="",b=new Date;b.setTime(b.getTime()+6048E5);b="; expires="+b.toGMTString();document.cookie=a+"="+c+b+"; path=/; "}; this.check=function(){var a=this.get(f);if(a)a=a.split(":");else if(100!=e)"v"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(":"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case "v":return!1;case "r":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(":")),!c}return!0}; this.go=function(){if(this.check()){var a=document.createElement("script");a.type="text/javascript";a.src=g;document.body&&document.body.appendChild(a)}}; this.start=function(){var t=this;"complete"!==document.readyState?window.addEventListener?window.addEventListener("load",function(){t.go()},!1):window.attachEvent&&window.attachEvent("onload",function(){t.go()}):t.go()};}; try{(new g(100,"r","QSI_S_ZN_basBS9dBHxSA2iN","https://znbasbs9dbhxsa2in-atlassian.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_basBS9dBHxSA2iN")).start()}catch(i){}})();</script><div id="ZN_basBS9dBHxSA2iN"></div></div></div> </body> </html>