This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new c7fef0c Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo (OFBIZ-12096)
c7fef0c is described below
commit c7fef0c409bca7c01d1f94e9431af52714398c58
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Dec 19 17:59:02 2020 +0100
Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo (OFBIZ-12096)
We missed to unescape EcmaScript encoded strings in UtilCoded::checkStringForHtmlSafe, ie in all form fields using allow-html="safe"
Thanks: 牛治 <niu....@zte.com.cn> for report
---
framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
index adc5e44b..449bd5d 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
@@ -479,7 +479,7 @@ public class UtilCodec {
 }
 if (value != null) {
-String filtered = policy.sanitize(value);
+String filtered = StringEscapeUtils.unescapeEcmaScript(policy.sanitize(value));
 if (filtered != null && !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
 String issueMsg = null;
 if (locale.equals(new Locale("test"))) {
@@ -603,5 +603,4 @@ public class UtilCodec {
 return this.internalMap.toString();
 }
 }
-
 }
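Review bot: The added `unescapeEcmaScript` is applied only to the sanitizer output, while the next line still compares against the raw `value`, so any input that legitimately contains a backslash escape sequence (a Windows path such as `C:\temp`, or a literal `\n` in free text) will now fail the equality test and be reported as unsafe, assuming `policy.sanitize` passes backslashes through unchanged. If that false positive is the accepted price of closing the bypass, the reason belongs in the code, since nothing at the call site explains the double unescape; e.g. `// Also undo EcmaScript escapes in the sanitized output before comparing, otherwise the round-trip check can be sidestepped (OFBIZ-12096)`. Relying on round-trip equality between the raw and the decoded sanitized string remains fragile, and a more robust option is to surface `filtered` itself rather than the original `value` whenever they differ; the method's signature, the `policy` initialisation and its return statement are all outside this hunk, so whether that is feasible cannot be confirmed here. The second hunk is a whitespace-only deletion and raises nothing.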