[
https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849644#comment-17849644
]
Chenghu Shan commented on OFBIZ-12653:
--------------------------------------
Hi [~jleroux],
thanks for your help. The last commit I'm referring to is the one mentioned in
the comment directly above my first: [
[https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ed6e413569] ]. The
changes in UtilCodec.java introduce additional logic to change the given input
string (value).
Yes, both changing @ to "at" and the most recent change in OFBIZ-12691 would
solve my current problem. But I was assuming the "safe" logic should be
configured by using a CustomSafePolicy class.
> Sanitizer <br> fail
> -------------------
>
> Key: OFBIZ-12653
> URL: https://issues.apache.org/jira/browse/OFBIZ-12653
> Project: OFBiz
> Issue Type: Bug
> Components: content
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 22.01.01
>
> Attachments: CustomSafePolicy.patch, OFBIZ-12653.patch,
> UtilCodec.patch
>
>
> I copied a text with multiple lines from a text editor into the Trumbowyg
> Html field.The editor creates the Html structure using unclosed <br> elements.
> Unfortunately the sanitizer logic just takes <br />. A security warning is
> thrown and the content will not be stored.
> Issue also a request on Trumbowyg request list:
> [https://github.com/Alex-D/Trumbowyg/issues/1283]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
