[
https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603023#comment-17603023
]
ASF subversion and git services commented on OFBIZ-12653:
---------------------------------------------------------
Commit 546e313f6d3ec9f9b20d4abb1eb7ca8c46b0e47a in ofbiz-framework's branch
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=546e313f6d ]
Improved: OWASP sanitizer breaks proper rendering of HTML code (OFBIZ-12653)
Allows both <br> and <br /> to pass in UtilCodec::checkStringForHtmlSafe, both
are correct.
Clarifies owasp.properties documentation about how to create own sanitizer
policies
> Sanitizer <br> fail
> -------------------
>
> Key: OFBIZ-12653
> URL: https://issues.apache.org/jira/browse/OFBIZ-12653
> Project: OFBiz
> Issue Type: Improvement
> Components: content
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: Upcoming Branch
>
> Attachments: CustomSafePolicy.patch, OFBIZ-12653.patch,
> UtilCodec.patch
>
>
> I copied a text with multiple lines from a text editor into the Trumbowyg
> Html field.The editor creates the Html structure using unclosed <br> elements.
> Unfortunately the sanitizer logic just takes <br />. A security warning is
> thrown and the content will not be stored.
> Issue also a request on Trumbowyg request list:
> [https://github.com/Alex-D/Trumbowyg/issues/1283]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
