Forums

Antisamy Hook issues with webcontent

Kowbathullah Gnaniyar, modified 6 years ago.

Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 19.12.07 Recent Posts
Hi,

We have deployed the AntiSamy hook in Liferay 6.2 for security reasons, to protect against malicious code.
But the issue is that after deploying the hook, when we try to add web content with HTML5 attributes like data-title or data-value, the portal filters those attributes out of the web content.
For example,

If we add the content below:
Option 2

After publishing the content, it changed to:
Option 2


Is it possible to update the policy for HTML5 attributes, or any guess why it is happening?
Samuel Kong, modified 6 years ago.

RE: Antisamy Hook issues with webcontent

Liferay Legend Posts: 1902 Join Date: 10.03.08 Recent Posts
You can replace the default policy file (sanitizer-configuration.xml) with your own policy file. For more info on AntiSamy's policy files, check out the AntiSamy Developer Guide.
Kowbathullah Gnaniyar, modified 6 years ago.

RE: Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 19.12.07 Recent Posts
Samuel Kong:
You can replace the default policy file (sanitizer-configuration.xml) with your own policy file. For more info on AntiSamy's policy files, check out the AntiSamy Developer Guide.


Thanks, Samuel, for your quick response. I will try to update the policy file.

But my question is, if we are using a custom filter for XSS vulnerability issues, can we remove the AntiSamy hook?
Samuel Kong, modified 6 years ago.

RE: Antisamy Hook issues with webcontent

Liferay Legend Posts: 1902 Join Date: 10.03.08 Recent Posts
The answer is it depends. It depends on your custom filter and whether you think it's sufficient for your use cases.
Kowbathullah Gnaniyar, modified 6 years ago.

RE: Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 19.12.07 Recent Posts
Samuel Kong:
The answer is it depends. It depends on your custom filter and whether you think it's sufficient for your use cases.



Thanks. It works. I just added custom validation and rules in the sanitizer-configuration.xml file. Actually, when I added data-table attributes in the table entity, the AntiSamy filter didn't accept them, as it assumes they would be some malicious script, so they were removed after the validation checks. So I added a new rule for table in the configuration XML file.
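
The kind of rule described in this thread, as an added example that is not from the original posts or from Liferay's shipped policy: an AntiSamy policy fragment that allows data-title and data-value on table while constraining their values. The regexp name `dataAttrText` and its pattern are assumptions chosen for illustration; the elements go inside the policy file's existing `<common-regexps>` and `<tag-rules>` sections.

```xml
<!-- Fragment of an AntiSamy policy file such as sanitizer-configuration.xml. -->
<!-- Constructed example: the regexp name and pattern below are assumptions. -->

<common-regexps>
    <!-- Short plain-text values only: no quotes, angle brackets, colons or parentheses -->
    <regexp name="dataAttrText" value="[a-zA-Z0-9 _.,\-]{1,64}"/>
</common-regexps>

<tag-rules>
    <tag name="table" action="validate">
        <!-- Keep the attribute rules the policy already defines for table here. -->

        <!-- Each permitted attribute is listed by its exact name. -->
        <attribute name="data-title">
            <regexp-list>
                <regexp name="dataAttrText"/>
            </regexp-list>
        </attribute>
        <attribute name="data-value">
            <regexp-list>
                <regexp name="dataAttrText"/>
            </regexp-list>
        </attribute>
    </tag>
</tag-rules>
```

An attribute that is not listed for the tag, or whose value does not match any listed pattern, is stripped from the output, which is the behaviour reported in the first post. Keeping the value pattern narrow preserves the sanitizer's protection while letting the needed attributes through.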