[OFBIZ-12691] Extend HTML Sanitizer - style attribute - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Upcoming Branch
Fix Version/s: 22.01.01
Component/s: content
Labels:
None

Description

Right now it is not possible to assign inline style to html content. Trumbowyg Editor uses such tags for align paragraphs.

style="text-align:right"

It is necessary to remove space within the attribute and remove the trailing semicolon in order to apply with OWASP filter rules.

Create or open content with "Long text". Goto dataresource and edit HTML. Put in some text and use the align icons (right, center ...) to format the text. Save. You will get a security info.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SanitizerStyle.patch
10/Sep/22 10:00
2 kB
Ingo Wolfmayr

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Ingo Wolfmayr

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Sep/22 09:41

Updated:: 15/Sep/22 13:01

Resolved:: 12/Sep/22 09:53