[
https://issues.apache.org/jira/browse/OFBIZ-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-6769.
----------------------------------
Resolution: Fixed
Fix Version/s: (was: Trunk)
Upcoming Branch
Thanks Supachai,
Your patch is in trunk r1720100
As explained at OFBIZ-6669 I did not backport to R14.12 and older release but it's possible...
Of course you would allow "<script>" in your permissive policy at your own risk...
> The renderContentAsText method should configure text sanitizer by "sanitizer.permissive.policy" in owasp.properties
> --------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-6769
> URL:
https://issues.apache.org/jira/browse/OFBIZ-6769> Project: OFBiz
> Issue Type: Bug
> Reporter: Supachai Chaima-ngua
> Assignee: Jacques Le Roux
> Priority: Minor
> Labels: content
> Fix For: Upcoming Branch
>
> Attachments: ofbiz-renderContentAsText.diff
>
>
> The renderContentAsText method should configure text sanitizer by "sanitizer.permissive.policy" in owasp.properties. If electronic text contains javascript, the renderContentAsText method will remove some content.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
