[ https://issues.apache.org/jira/browse/OFBIZ-12691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605243#comment-17605243 ]
Jacques Le Roux edited comment on OFBIZ-12691 at 5/24/24 6:31 AM: ------------------------------------------------------------------ Commit c005971e4be56ef7928a6f7d0b7f438e4aa64765 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c005971e4b ] Improved: Extend HTML Sanitizer - style attribute (OFBIZ-12691) This is a no functional changes. It makes things clearer. I initially wanted to rather do that and forgot. The idea is to no change the sanitization done by HtmlSanitizer.Policy(). We just need to be sure that the comparison with unescapeEcmaScriptAndHtml4 works. Maybe later we will figure out that some more HTML entities will need to be added to {noformat} "'" and """ {noformat} ... was (Author: jira-bot): Commit c005971e4be56ef7928a6f7d0b7f438e4aa64765 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c005971e4b ] Improved: Extend HTML Sanitizer - style attribute (OFBIZ-12691) This is a no functional changes. It makes things clearer. I initially wanted to rather do that and forgot. The idea is to no change the sanitization done by HtmlSanitizer.Policy(). We just need to be sure that the comparison with unescapeEcmaScriptAndHtml4 works. Maybe later we will figure out that some more HTML entities will need to be added to "'" and """... > Extend HTML Sanitizer - style attribute > --------------------------------------- > > Key: OFBIZ-12691 > URL: https://issues.apache.org/jira/browse/OFBIZ-12691 > Project: OFBiz > Issue Type: Bug > Components: content > Affects Versions: Upcoming Branch > Reporter: Ingo Wolfmayr > Assignee: Jacques Le Roux > Priority: Major > Fix For: 22.01.01 > > Attachments: SanitizerStyle.patch > > > Right now it is not possible to assign inline style to html content. > Trumbowyg Editor uses such tags for align paragraphs. > style="text-align:right" > It is necessary to remove space within the attribute and remove the trailing > semicolon in order to apply with OWASP filter rules. > Create or open content with "Long text". Goto dataresource and edit HTML. Put > in some text and use the align icons (right, center ...) to format the text. > Save. You will get a security info. -- This message was sent by Atlassian Jira (v8.20.10#820010)