Skip to content

ZBUG-3640 - fix for OWASP Sanitizer blocking message from displaying … #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 4, 2024
Merged

ZBUG-3640 - fix for OWASP Sanitizer blocking message from displaying … #15

merged 2 commits into from
Jul 4, 2024

Conversation

@sumitkumar1110
Copy link
Contributor

@sumitkumar1110 sumitkumar1110 commented Jun 12, 2024

Problem - OWASP Sanitizer blocking message from displaying in webmail.

Analysis- While checking for the HTML Comment, it seems to have been checked the previous two characters are "-" but only char - 2 is checked twice. So if a CSS Child combinator with - selector is used, it was treated as error.

This is a known issue of OWASP/java-html-sanitizer. This PR has been merged but we haven't took the latest code, due to which we are still facing the issue.

PR link - OWASP/java-html-sanitizer#297

Fix- Referred the above PR and did similar changes to fix the issue.

@shrutig0510
Copy link

shrutig0510 commented Jun 12, 2024

LGTM.

@sumitkumar1110 sumitkumar1110 marked this pull request as ready for review June 13, 2024 04:58
@sumitkumar1110 sumitkumar1110 marked this pull request as draft June 13, 2024 13:33
@sumitkumar1110 sumitkumar1110 marked this pull request as ready for review June 19, 2024 09:06
@sumitkumar1110 sumitkumar1110 requested a review from umagmrit June 19, 2024 10:46
@sumitkumar1110 sumitkumar1110 merged commit 985e0ce into develop Jul 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shrutig0510 shrutig0510 shrutig0510 approved these changes

@zimsuchitgupta zimsuchitgupta Awaiting requested review from zimsuchitgupta

@chitranshu198 chitranshu198 Awaiting requested review from chitranshu198

@RakeshAMore RakeshAMore Awaiting requested review from RakeshAMore

@dasiyogesh dasiyogesh Awaiting requested review from dasiyogesh

@preshitaagrawal preshitaagrawal Awaiting requested review from preshitaagrawal

@silentsakky silentsakky Awaiting requested review from silentsakky

@umagmrit umagmrit Awaiting requested review from umagmrit

+1 more reviewer

@PrasadpLad PrasadpLad PrasadpLad approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sumitkumar1110 @shrutig0510 @PrasadpLad