[ https://issues.apache.org/jira/browse/OFBIZ-12691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603025#comment-17603025 ]

ASF subversion and git services commented on OFBIZ-12691:
---------------------------------------------------------

Commit fb59acff0dee5ffa71b7248d50b4536706d16360 in ofbiz-framework's branch 
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=fb59acff0d ]

Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)

Right now it is not possible to assign inline style to html content.
Trumbowyg Editor uses such tags to align paragraphs.

style="text-align:right"

It is necessary to remove space within the attribute and remove the trailing
semicolon in order to comply with OWASP filter rules.

Create or open content with "Long text". Go to dataresource and edit HTML.
Put in some text and use the align icons (right, center ...) to format the text.
Save. You will get a security info message.

Thanks: Ingo Wolfmayr
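To make the sanitizer behaviour described above concrete, here is an added example using the OWASP Java HTML Sanitizer; it is not code from the commit or from the SanitizerStyle.patch attached to the issue, and the allow-list pattern, the element list and the normalizeStyle helper are assumptions rather than OFBiz's actual policy. It shows why the value as the editor emits it, `text-align: right;`, is stripped while the canonical `text-align:right` survives.

```java
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class StyleAttributeSanitizerDemo {

    // Assumed allow-list (not OFBiz's real policy): only text-align with one of
    // four keyword values. matching(Pattern) requires the WHOLE attribute value
    // to match, so a space after the colon or a trailing ";" breaks the match.
    private static final Pattern TEXT_ALIGN =
        Pattern.compile("text-align:(left|right|center|justify)");

    // Assumed element list; style is accepted only on these elements and only
    // when its value satisfies TEXT_ALIGN. Anything else is dropped silently.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
        .allowElements("p", "div", "span")
        .allowAttributes("style").matching(TEXT_ALIGN).onElements("p", "div", "span")
        .toFactory();

    /** Runs the OWASP sanitizer with the policy above. */
    static String sanitize(String html) {
        return POLICY.sanitize(html);
    }

    /** Hypothetical helper: remove whitespace and trailing semicolons from a
     *  style value so editor output ("text-align: right;") becomes the canonical
     *  "text-align:right" that the strict allow-list pattern accepts. */
    static String normalizeStyle(String value) {
        String v = value.replaceAll("\\s+", "");
        while (v.endsWith(";")) {
            v = v.substring(0, v.length() - 1);
        }
        return v;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: canonical form, the editor's form, and a
        // property that is not on the allow-list at all.
        String canonical  = "<p style=\"text-align:right\">aligned</p>";
        String editorForm = "<p style=\"text-align: right;\">aligned</p>";
        String offList    = "<p style=\"color:red\">colored</p>";

        System.out.println(sanitize(canonical));   // value matches, attribute retained
        System.out.println(sanitize(editorForm));  // space + ";" fail the match, attribute dropped
        System.out.println(sanitize(offList));     // property not allowed, attribute dropped

        // After normalisation the editor's value passes the same whole-value check.
        String fixed = normalizeStyle("text-align: right;");
        System.out.println(fixed + " matches allow-list: " + TEXT_ALIGN.matcher(fixed).matches());
    }
}
```

Normalising before sanitizing only makes sense with a strict pattern like the one above; a looser pattern would reintroduce the values the sanitizer is there to reject.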


> Extend HTML Sanitizer - style attribute
> ---------------------------------------
>
>                 Key: OFBIZ-12691
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12691
>             Project: OFBiz
>          Issue Type: Bug
>          Components: content
>    Affects Versions: Upcoming Branch
>            Reporter: Ingo Wolfmayr
>            Assignee: Jacques Le Roux
>            Priority: Major
>         Attachments: SanitizerStyle.patch
>
>
> Right now it is not possible to assign inline style to html content.
> Trumbowyg Editor uses such tags to align paragraphs.
> style="text-align:right"
> It is necessary to remove space within the attribute and remove the trailing
> semicolon in order to comply with OWASP filter rules.
> Create or open content with "Long text". Go to dataresource and edit HTML. Put
> in some text and use the align icons (right, center ...) to format the text.
> Save. You will get a security info message.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)