Author: jleroux
Date: Thu May 9 09:17:08 2019
New Revision: 1858980
URL:
http://svn.apache.org/viewvc?rev=1858980&view=revLog:
Fixed: OWASP sanitizer breaks proper rendering of HTML code
(OFBIZ-10187)
By default we now use a permissive sanitizer policy
Modified:
ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties
Modified: ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties?rev=1858980&r1=1858979&r2=1858980&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties Thu May 9 09:17:08 2019
@@ -21,10 +21,11 @@
# OFBiz OWASP properties File
https://www.owasp.org/index.php/Main_Page ####
-# Should we use a permissive sanitizer policy? False By default!
-# This has a slightly impact on the code rendered, see last comments in OFBIZ-6669.
+# By default we use a permissive sanitizer policy
+# This has a slight impact on the code rendered, see last comments in OFBIZ-6669.
# Given as an example based on rendering cmssite, as it was before using the sanitizer.
-# You might even want to adapt the PERMISSIVE_POLICY to your needs... Be sure to check
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before...
+# You might even want to adapt the PERMISSIVE_POLICY to your needs.
+# Be sure to check
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before...
# Use sanitizer.permissive.policy=CUSTOM to use your custom PolicyFactory
sanitizer.enable=true
Locked
