[
https://issues.apache.org/jira/browse/OFBIZ-9664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16608363#comment-16608363 ]
Jacques Le Roux commented on OFBIZ-9664:
----------------------------------------
Thanks Sebastian,
I'll just add that people should be carefull with this workaround. Because it removes some security in all other parts where sanitizer.permissive.policy is used, ie where HtmlEncoder::sanitize is used. I explained it a bit more in OFBIZ-10187
> OFBiz 16 migration - HTML content filtered
> -------------------------------------------
>
> Key: OFBIZ-9664
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9664> Project: OFBiz
> Issue Type: Bug
> Components: content, ecommerce
> Affects Versions: 16.11.03
> Reporter: Sebastian Wachinger
> Priority: Minor
> Fix For: Trunk, 16.11.05
>
>
> Perhaps this is no bug, but a new feature: After migrating to OFBiz 16, content of type "Long Text" containing HTML is now displayed in the ecommerce shop frontend with certain attributes deleted, e.g. "class" and "id". Is there a config file to allow those attributes to be displayed?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
