Ingo Wolfmayr created OFBIZ-12691:
-------------------------------------
Summary: Extend HTML Sanitizer - style attribute
Key: OFBIZ-12691
URL: https://issues.apache.org/jira/browse/OFBIZ-12691
Project: OFBiz
Issue Type: Improvement
Components: content
Affects Versions: Upcoming Branch
Reporter: Ingo Wolfmayr
Attachments: SanitizerStyle.patch
Right now it is not possible to assign inline style to html content. Trumbowyg
Editor uses such tags for align paragraphs.
style="text-align:right"
It is necessary to remove space within the attribute and remove the trailing
semicolon in order to apply with OWASP filter rules.
Create or open content with "Long text". Goto dataresource and edit HTML. Put
in some text and use the align icons (right, center ...) to format the text.
Save. You will get a security info.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
