[jira] [Updated] (OFBIZ-12691) Extend HTML Sanitizer - style attribute

Ingo Wolfmayr (Jira) Sat, 10 Sep 2022 03:01:07 -0700


     [ 
https://issues.apache.org/jira/browse/OFBIZ-12691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ingo Wolfmayr updated OFBIZ-12691:
----------------------------------
    Attachment:     (was: SanitizerStyle.patch)

> Extend HTML Sanitizer - style attribute
> ---------------------------------------
>
>                 Key: OFBIZ-12691
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12691
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: content
>    Affects Versions: Upcoming Branch
>            Reporter: Ingo Wolfmayr
>            Priority: Major
>         Attachments: SanitizerStyle.patch
>
>
> Right now it is not possible to assign inline style to html content. 
> Trumbowyg Editor uses such tags for align paragraphs.
> style="text-align:right"
> It is necessary to remove space within the attribute and remove the trailing 
> semicolon in order to apply with OWASP filter rules.
> Create or open content with "Long text". Goto dataresource and edit HTML. Put 
> in some text and use the align icons (right, center ...) to format the text. 
> Save. You will get a security info.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OFBIZ-12691) Extend HTML Sanitizer - style attribute

Reply via email to