[ https://issues.apache.org/jira/browse/OFBIZ-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-6769. ---------------------------------- Resolution: Fixed Fix Version/s: (was: Trunk) Upcoming Branch Thanks Supachai, Your patch is in trunk r1720100 As explained at OFBIZ-6669 I did not backport to R14.12 and older release but it's possible... Of course you would allow "<script>" in your permissive policy at your own risk... > The renderContentAsText method should configure text sanitizer by > "sanitizer.permissive.policy" in owasp.properties > -------------------------------------------------------------------------------------------------------------------- > > Key: OFBIZ-6769 > URL: https://issues.apache.org/jira/browse/OFBIZ-6769 > Project: OFBiz > Issue Type: Bug > Reporter: Supachai Chaima-ngua > Assignee: Jacques Le Roux > Priority: Minor > Labels: content > Fix For: Upcoming Branch > > Attachments: ofbiz-renderContentAsText.diff > > > The renderContentAsText method should configure text sanitizer by > "sanitizer.permissive.policy" in owasp.properties. If electronic text > contains javascript, the renderContentAsText method will remove some content. -- This message was sent by Atlassian JIRA (v6.3.4#6332)