[
https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557058#comment-17557058
]
Jacques Le Roux commented on OFBIZ-12653:
-----------------------------------------
After thought, about my workaround for single quote, that's wrong. We don't
want to allow single quotes OOTB. In case of need, a look into owasp.properties
is recommended, same for img or any other crossed issues . We don't want OFBiz
to be vulnerable OOTB and face other CVEs. It's OK for br because, as I said,
both are OK.
> Sanitizer <br> fail
> -------------------
>
> Key: OFBIZ-12653
> URL: https://issues.apache.org/jira/browse/OFBIZ-12653
> Project: OFBiz
> Issue Type: Improvement
> Components: content
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Assignee: Jacques Le Roux
> Priority: Major
> Attachments: OFBIZ-12653.patch
>
>
> I copied a text with multiple lines from a text editor into the Trumbowyg
> Html field.The editor creates the Html structure using unclosed <br> elements.
> Unfortunately the sanitizer logic just takes <br />. A security warning is
> thrown and the content will not be stored.
> Issue also a request on Trumbowyg request list:
> [https://github.com/Alex-D/Trumbowyg/issues/1283]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
