
Revision 1859873


Author: jleroux
Date: Fri May 24 13:27:38 2019 UTC (4 years, 11 months ago)
Changed paths: 7
Log Message:
"Applied fix from trunk for revision: 1859871" 
------------------------------------------------------------------------
r1859871 | jleroux | 2019-05-24 15:24:31 +0200 (ven. 24 mai 2019) | 14 lignes

Fixed: OWASP sanitizer breaks proper rendering of HTML code
(OFBIZ-10187)

After a discussion with Dennis, I checked and the pattern ONSITE_URL would be 
useless without 

.allowAttributes("background").matching(ONSITE_URL)
.onElements("table")
.allowAttributes("background").matching(ONSITE_URL)
.onElements("td", "th", "tr")

So here they are

Thanks: Dennis Balkir for discussion
------------------------------------------------------------------------


Changed paths

Path: Details
ofbiz/ofbiz-framework/branches/release17.12/: modified, props changed
ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomPermissivePolicy.java: modified, text changed
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/elrte-1.3/css/smoothness/jquery-ui-1.8.13.custom.css: modified, text changed
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/jsTree/themes/apple/style.css: modified, text changed
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/jsTree/themes/classic/style.css: modified, text changed
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/jsTree/themes/default/style.css: modified, text changed
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/jsTree/themes/default-rtl/style.css: modified, text changed
