[
https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603024#comment-17603024
]
ASF subversion and git services commented on OFBIZ-12653:
---------------------------------------------------------
Commit ed6e413569953c542e927aadd466808e9875897c in ofbiz-framework's branch
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ed6e413569 ]
Improved: CustomSafePolicy, also use TagBalancingHtmlStreamEventReceiver
(OFBIZ-12653)
Adds <img> and <hr> to CustomSafePolicy, removes obsolete <tt>. <img> allows
only attributes src and alt.
Both <br> and <br /> are correct. For that, this rather uses
TagBalancingHtmlStreamEventReceiver
Thanks: Ingo Wolfmayr
> Sanitizer <br> fail
> -------------------
>
> Key: OFBIZ-12653
> URL: https://issues.apache.org/jira/browse/OFBIZ-12653
> Project: OFBiz
> Issue Type: Improvement
> Components: content
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: Upcoming Branch
>
> Attachments: CustomSafePolicy.patch, OFBIZ-12653.patch,
> UtilCodec.patch
>
>
> I copied a text with multiple lines from a text editor into the Trumbowyg
> Html field.The editor creates the Html structure using unclosed <br> elements.
> Unfortunately the sanitizer logic just takes <br />. A security warning is
> thrown and the content will not be stored.
> Issue also a request on Trumbowyg request list:
> [https://github.com/Alex-D/Trumbowyg/issues/1283]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
