Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LPS-53607 Sanitize the content in the backend so only some supported tags are allowed #24199

Closed
wants to merge 12 commits into from
Closed

LPS-53607 Sanitize the content in the backend so only some supported tags are allowed #24199

wants to merge 12 commits into from

Conversation

sergiogonzalez
Copy link

Hey Brian,

This is a resend of #24092 (comment)

I have implemented the logic as an OSGI module with a sanitizer. However, it needs to apply to all comments, not only blogs' so I have added it to /modules/apps/comments/ directory.

In order to distinguish between comments and message board messages I have included some extra information to the sanitizer in the options param.

Thanks!

Sergio Gonzalez and others added 12 commits February 20, 2015 12:37
LPS-53607 Include this logic back (it was temporarily removed by LPS-…
4d82989 
…52975)
LPS-53607 Create a new property for the comments format independent o…
350e331 
…f message boards. By default new comments will have html format. Keep the old behaviour as a legacy property.
LPS-53607 Include OWASP library for sanitizing HTML in comments
216824b
LPS-53607 Sanitize comments when using html format. We will only allo…
406e23b 
…w very basic markup like <a> <em> <p> <strong> <u>
LPS-53607 Format alphabetically
d9e1a74
LPS-53607 Allow to configure the allowed elements and attributes as a…
52a59cf 
… portal property and use it for both ckeditor and sanitizer.
LPS-53607 Tests
e93c0c9
@adolfopa
LPS-53607 describe expected format more precisely
cfcd8a5
@adolfopa
LPS-53607 allow blanks in allowedContent
5c6e6b9 
Be tollerant about whitespace between delimiters and brackets.
LPS-53607 SF
3e7b60c
LPS-53607 Allow sanitizers to distinguish when it's a comment and whe…
69827cd 
…n it's a message boards message since, at the end, both are using MBMessageLocalService
LPS-53607 Move logic to an OSGI module
c4f38f2
@sergiogonzalez sergiogonzalez changed the title LPS-53607 Move logic to an OSGI module LPS-53607 Sanitize the content in the backend so only some supported tags are allowed Feb 20, 2015
@liferay-continuous-integration
Copy link
Collaborator

All tests PASSED!

Build Time: 22 minutes 47 seconds

See the following links for more information.

@brianchandotcom
Copy link
Owner

Merged. Thank you.
View total diff: b94da26...27985dc

@sergiogonzalez sergiogonzalez deleted the LPS-53607_ branch April 18, 2016 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sergiogonzalez @liferay-continuous-integration @brianchandotcom @adolfopa