[ https://issues.apache.org/jira/browse/OFBIZ-12691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603524#comment-17603524 ]
ASF subversion and git services commented on OFBIZ-12691: --------------------------------------------------------- Commit 733d0e0a8aeed9faf7ebd26be12178ba6987dd4f in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=733d0e0a8a ] Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691) Forgot to update UtilCodecTests::testCheckStringForHtmlSafe. UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes (single or double) > Extend HTML Sanitizer - style attribute > --------------------------------------- > > Key: OFBIZ-12691 > URL: https://issues.apache.org/jira/browse/OFBIZ-12691 > Project: OFBiz > Issue Type: Bug > Components: content > Affects Versions: Upcoming Branch > Reporter: Ingo Wolfmayr > Assignee: Jacques Le Roux > Priority: Major > Fix For: 22.01.01 > > Attachments: SanitizerStyle.patch > > > Right now it is not possible to assign inline style to html content. > Trumbowyg Editor uses such tags for align paragraphs. > style="text-align:right" > It is necessary to remove space within the attribute and remove the trailing > semicolon in order to apply with OWASP filter rules. > Create or open content with "Long text". Goto dataresource and edit HTML. Put > in some text and use the align icons (right, center ...) to format the text. > Save. You will get a security info. -- This message was sent by Atlassian Jira (v8.20.10#820010)