Message Boards

Antisamy Hook issues with webcontent

Updated 6 years ago by Kowbathullah Gnaniyar.

Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 07/12/19 Recent Posts
Hi,

We have deployed the AntiSamy hook in Liferay 6.2 for security reasons, to protect against malicious code.
But the issue is that after deploying the hook, when we try to add web content with HTML 5 attributes like data-title or data-value, the portal filters those attributes out of the web content.
For example,

if we add the content below:
Option 2

After publishing the content, it changed to:
Option 2


Is it possible to update the policy for HTML 5 attributes, or any guess why this is happening?
Updated 6 years ago by Samuel Kong.

RE: Antisamy Hook issues with webcontent

Liferay Legend Posts: 1902 Join Date: 08/03/10 Recent Posts
You can replace the default policy file (sanitizer-configuration.xml) with your own policy file. For more info on AntiSamy's policy files, check out the AntiSamy Developer Guide.
Updated 6 years ago by Kowbathullah Gnaniyar.

RE: Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 07/12/19 Recent Posts
Samuel Kong:
You can replace the default policy file (sanitizer-configuration.xml) with your own policy file. For more info on AntiSamy's policy files, check out the AntiSamy Developer Guide.


Thanks, Samuel, for your quick response. I will try to update the policy file.

But my question is, if we are using a custom filter for XSS vulnerability issues, can we remove the AntiSamy hook?
Updated 6 years ago by Samuel Kong.

RE: Antisamy Hook issues with webcontent

Liferay Legend Posts: 1902 Join Date: 08/03/10 Recent Posts
The answer is it depends. It depends on your custom filter and whether you think it's sufficient for your use cases.
Updated 6 years ago by Kowbathullah Gnaniyar.

RE: Antisamy Hook issues with webcontent

Liferay Master Posts: 722 Join Date: 07/12/19 Recent Posts
Samuel Kong:
The answer is it depends. It depends on your custom filter and whether you think it's sufficient for your use cases.



Thanks. It works. I just added custom validation and rules in the sanitizer-configuration.xml file. Actually, when I added data-table attributes in the table entity, the AntiSamy filter didn't accept them, as it assumes it would be some malicious script, so they were removed after validation checks. So I added a new rule for table in the configuration XML file.
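
The kind of policy change discussed in this thread, as an added example that is not part of the original posts and not the poster's actual rule: a fragment for a custom sanitizer-configuration.xml that lets data-title and data-value survive on table elements. The regexp name dataValue and its pattern are assumptions chosen for illustration; each fragment is merged into the matching section of the existing policy.

```xml
<!-- Fragment for a custom AntiSamy policy (sanitizer-configuration.xml). -->
<!-- "dataValue" is a hypothetical name; the pattern is an illustrative choice. -->

<!-- Inside <common-regexps>: a narrow value pattern shared by both attributes. -->
<!-- It allows letters, digits, whitespace and a few punctuation characters, -->
<!-- up to 100 characters, and excludes markup characters and quotes. -->
<common-regexps>
    <regexp name="dataValue" value="[a-zA-Z0-9\s_.,:\-]{1,100}"/>
</common-regexps>

<!-- Inside <common-attributes>: declare each data attribute by name. -->
<common-attributes>
    <attribute name="data-title" description="HTML5 custom data attribute">
        <regexp-list>
            <regexp name="dataValue"/>
        </regexp-list>
    </attribute>
    <attribute name="data-value" description="HTML5 custom data attribute">
        <regexp-list>
            <regexp name="dataValue"/>
        </regexp-list>
    </attribute>
</common-attributes>

<!-- Inside <tag-rules>: reference the new attributes from the table rule. -->
<!-- Keep the attribute lines the existing table rule already contains. -->
<tag-rules>
    <tag name="table" action="validate">
        <attribute name="data-title"/>
        <attribute name="data-value"/>
    </tag>
</tag-rules>
```

Keeping the value pattern narrow matters because page scripts often read data attributes and write them back into the DOM, so an unrestricted value can become script input even though the attribute itself is inert.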