[ https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17561045#comment-17561045 ]
Ingo Wolfmayr commented on OFBIZ-12653: --------------------------------------- Hi Jacques, I had a look at those files and you will find a proposal for a possible improvement attached. Instead of replacing <br> tag or any other tag, I applied an "empty" sanitizer on the html string which returns a valid html string, to replace the original string - without removing elements. Thereafter the "real" sanitizer is applied. The only changed for allowing image tags will be in CustomSafePolicy. Proposal attached. What do you think? > Sanitizer <br> fail > ------------------- > > Key: OFBIZ-12653 > URL: https://issues.apache.org/jira/browse/OFBIZ-12653 > Project: OFBiz > Issue Type: Improvement > Components: content > Affects Versions: Upcoming Branch > Reporter: Ingo Wolfmayr > Assignee: Jacques Le Roux > Priority: Major > Attachments: OFBIZ-12653.patch > > > I copied a text with multiple lines from a text editor into the Trumbowyg > Html field.The editor creates the Html structure using unclosed <br> elements. > Unfortunately the sanitizer logic just takes <br />. A security warning is > thrown and the content will not be stored. > Issue also a request on Trumbowyg request list: > [https://github.com/Alex-D/Trumbowyg/issues/1283] -- This message was sent by Atlassian Jira (v8.20.10#820010)