[
https://issues.apache.org/jira/browse/OFBIZ-12691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603524#comment-17603524
]
ASF subversion and git services commented on OFBIZ-12691:
---------------------------------------------------------
Commit 733d0e0a8aeed9faf7ebd26be12178ba6987dd4f in ofbiz-framework's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=733d0e0a8a ]
Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
Forgot to update UtilCodecTests::testCheckStringForHtmlSafe.
UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes (single
or double)
> Extend HTML Sanitizer - style attribute
> ---------------------------------------
>
> Key: OFBIZ-12691
> URL: https://issues.apache.org/jira/browse/OFBIZ-12691
> Project: OFBiz
> Issue Type: Bug
> Components: content
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 22.01.01
>
> Attachments: SanitizerStyle.patch
>
>
> Right now it is not possible to assign inline style to html content.
> Trumbowyg Editor uses such tags for align paragraphs.
> style="text-align:right"
> It is necessary to remove space within the attribute and remove the trailing
> semicolon in order to apply with OWASP filter rules.
> Create or open content with "Long text". Goto dataresource and edit HTML. Put
> in some text and use the align icons (right, center ...) to format the text.
> Save. You will get a security info.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
