[jira] [Commented] (OFBIZ-12653) Sanitizer
fail

Thu, 31 Oct 2024 08:36:27 -0700 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894625#comment-17894625
 ] 

Jacques Le Roux commented on OFBIZ-12653:
-----------------------------------------

Hi Wiebke,

A 1st simple test, similar to the one Ingo used, at 
https://localhost:8443/content/control/WebSiteCms?webSiteId=CmsSite
Copying the OOTB text in my text editor
Clear the OOTB text
Copy the text from my text editor
Recording 

I get this error:
2024-10-31 16:29:30,385 |sse-nio-8443-exec-10 |ServiceDispatcher             
|E| Incoming context (in runSync : updateTextContent) does not match expected 
requirements
org.apache.ofbiz.service.ServiceValidationException: Dans le champ "textData", 
conformÚment Ó notre politique de saisie, votre saisie n'a pas ÚtÚ acceptÚe 
pour des raisons de sÚcuritÚ. Veuillez vÚrifier et modifier en consÚquence, 
merci.

        at 
org.apache.ofbiz.service.ModelService.allowHtmlValidation(ModelService.java:1236)
 ~[main/:?]
        at 
org.apache.ofbiz.service.ModelService.validate(ModelService.java:1176) 
~[main/:?]
        at 
org.apache.ofbiz.service.ModelService.validate(ModelService.java:1120) 
~[main/:?]
        at 
org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:408) 
[main/:?]
        at 
org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244) 
[main/:?]
        at 
org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93)
 [main/:?]
        at 
org.apache.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:254)
 [main/:?]
        at 
org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:1080)
 [main/:?]
        at 
org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:678)
 [main/:?]
        at 
org.apache.ofbiz.webapp.control.ControlServlet.handle(ControlServlet.java:231) 
[main/:?]
        at 
org.apache.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:81) 
[main/:?]

Sorry for the broken French, means:
In the "textData" field, according to our input policy, your input was not 
accepted for security reasons. Please check and modify accordingly, thank you.

> Sanitizer <br> fail
> -------------------
>
>                 Key: OFBIZ-12653
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12653
>             Project: OFBiz
>          Issue Type: Bug
>          Components: content
>    Affects Versions: Upcoming Branch
>            Reporter: Ingo Wolfmayr
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 22.01.01
>
>         Attachments: CustomSafePolicy.patch, OFBIZ-12653.patch, 
> UtilCodec.patch
>
>
> I copied a text with multiple lines from a text editor into the Trumbowyg 
> Html field.The editor creates the Html structure using unclosed <br> elements.
> Unfortunately the sanitizer logic just takes <br />. A security warning is 
> thrown and the content will not be stored.
> Issue also a request on Trumbowyg request list:
> [https://github.com/Alex-D/Trumbowyg/issues/1283]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to