[jira] [Commented] (OFBIZ-9664) OFBiz 16 migration - HTML content filtered
[ https://issues.apache.org/jira/browse/OFBIZ-9664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608363#comment-16608363 ] Jacques Le Roux commented on OFBIZ-9664: Thanks Sebastian, I'll just add that people should be carefull with this workaround. Because it removes some security in all other parts where sanitizer.permissive.policy is used, ie where HtmlEncoder::sanitize is used. I explained it a bit more in OFBIZ-10187 > OFBiz 16 migration - HTML content filtered > --- > > Key: OFBIZ-9664 > URL: https://issues.apache.org/jira/browse/OFBIZ-9664 > Project: OFBiz > Issue Type: Bug > Components: content, ecommerce >Affects Versions: 16.11.03 >Reporter: Sebastian Wachinger >Priority: Minor > Fix For: Trunk, 16.11.05 > > > Perhaps this is no bug, but a new feature: After migrating to OFBiz 16, > content of type "Long Text" containing HTML is now displayed in the ecommerce > shop frontend with certain attributes deleted, e.g. "class" and "id". Is > there a config file to allow those attributes to be displayed? -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-9664) OFBiz 16 migration - HTML content filtered
[ https://issues.apache.org/jira/browse/OFBIZ-9664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608269#comment-16608269 ] Sebastian Wachinger commented on OFBIZ-9664: The solution for this issue is: Set sanitizer.permissive.policy=true in framework/base/config/owasp.properties. Case closed. > OFBiz 16 migration - HTML content filtered > --- > > Key: OFBIZ-9664 > URL: https://issues.apache.org/jira/browse/OFBIZ-9664 > Project: OFBiz > Issue Type: Bug > Components: content, ecommerce >Affects Versions: 16.11.03 >Reporter: Sebastian Wachinger >Priority: Minor > > Perhaps this is no bug, but a new feature: After migrating to OFBiz 16, > content of type "Long Text" containing HTML is now displayed in the ecommerce > shop frontend with certain attributes deleted, e.g. "class" and "id". Is > there a config file to allow those attributes to be displayed? -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-9664) OFBiz 16 migration - HTML content filtered
[ https://issues.apache.org/jira/browse/OFBIZ-9664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16148872#comment-16148872 ] Sebastian Wachinger commented on OFBIZ-9664: Hi Jacques, thank you for your message, I checked -OFBiz-7050- and this covers a different aspect (text not being stored). In the meantime I discovered that "Long Text" indeed is correctly displayed in the browser (including "class" and "id" attributes), only as long as it is comes from the CMS-system and not as part of an Ecommerce product- or category page with type "Description - long". ~Congrats for the OFBiz website relaunch (y)~ > OFBiz 16 migration - HTML content filtered > --- > > Key: OFBIZ-9664 > URL: https://issues.apache.org/jira/browse/OFBIZ-9664 > Project: OFBiz > Issue Type: Bug > Components: content, ecommerce >Affects Versions: 16.11.03 >Reporter: Sebastian Wachinger >Priority: Minor > > Perhaps this is no bug, but a new feature: After migrating to OFBiz 16, > content of type "Long Text" containing HTML is now displayed in the ecommerce > shop frontend with certain attributes deleted, e.g. "class" and "id". Is > there a config file to allow those attributes to be displayed? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
