[ https://issues.apache.org/jira/browse/OFBIZ-12653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603023#comment-17603023 ]
ASF subversion and git services commented on OFBIZ-12653: --------------------------------------------------------- Commit 546e313f6d3ec9f9b20d4abb1eb7ca8c46b0e47a in ofbiz-framework's branch refs/heads/release22.01 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=546e313f6d ] Improved: OWASP sanitizer breaks proper rendering of HTML code (OFBIZ-12653) Allows both <br> and <br /> to pass in UtilCodec::checkStringForHtmlSafe, both are correct. Clarifies owasp.properties documentation about how to create own sanitizer policies > Sanitizer <br> fail > ------------------- > > Key: OFBIZ-12653 > URL: https://issues.apache.org/jira/browse/OFBIZ-12653 > Project: OFBiz > Issue Type: Improvement > Components: content > Affects Versions: Upcoming Branch > Reporter: Ingo Wolfmayr > Assignee: Jacques Le Roux > Priority: Major > Fix For: Upcoming Branch > > Attachments: CustomSafePolicy.patch, OFBIZ-12653.patch, > UtilCodec.patch > > > I copied a text with multiple lines from a text editor into the Trumbowyg > Html field.The editor creates the Html structure using unclosed <br> elements. > Unfortunately the sanitizer logic just takes <br />. A security warning is > thrown and the content will not be stored. > Issue also a request on Trumbowyg request list: > [https://github.com/Alex-D/Trumbowyg/issues/1283] -- This message was sent by Atlassian Jira (v8.20.10#820010)