Issue
- Web Content Editing
If a script is added to the content field and published, the script is executed whenever the article is displayed, so every visit to the page triggers the alert. Allowing such content could help the content creator carry out an XSS attack.
Environment
- DXP 7.0 ~ DXP 7.4
Resolution
- This is the expected behavior.
- Admins have the option to whitelist and blacklist content that should be sanitized.
In this case, AntiSamy needs to be enabled for com.liferay.journal.model.JournalArticle:
[DXP 7.4] Go to: System Settings > Security Tools > Antisamy and remove com.liferay.journal.model.JournalArticle from the whitelist field.
[DXP 7.0] Go to: System Settings > Foundation > AntiSamy Sanitizer and remove com.liferay.journal.model.JournalArticle from the whitelist field.
After republishing the web content, the alert window should no longer appear.
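A check for this last step, as an added example that is not part of the original article or of Liferay's code: it parses the rendered article HTML (saved from the browser, for instance) and lists any markup that would still execute, rather than relying on whether an alert appears. The tag and attribute lists and both sample bodies are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed lists for this example: elements and URL attributes that can run script.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects markup in rendered HTML that a browser would execute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            # Browsers ignore whitespace and control characters inside the scheme.
            url = re.sub(r"[\x00-\x20]", "", value or "").lower()
            if name.startswith("on"):
                self.findings.append((line, f"{name} handler on <{tag}>"))
            elif name in URL_ATTRS and url.startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name} on <{tag}>"))


def find_active_content(html):
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed samples: one article body as rendered before and after the change.
BEFORE = """<div>
<p>Hello</p>
<script>alert(1)</script>
<img src="x.png" onerror="alert(2)">
<a href="javascript:alert(3)">link</a>
</div>"""
AFTER = '<div>\n<p>Hello</p>\n<img src="x.png">\n<a>link</a>\n</div>'

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        print(label, find_active_content(body) or "clean")
```

An empty result for the republished article means none of the checked constructs survived sanitization.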