Open bryanboza opened 8 months ago
Also we need to handle other cases when you try to execute a script.
It looks like the script is not running and sanitization works well on that front, but for other tags we probably should address it.
@bryanboza Did you try the validation regex? The description and title are text fields. You need to set the regex in the text field while creating the content type. There is a regex for each, such as text, title, description, search and so on.
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
@bryanboza @mbiuki Any updates here?
Problem Statement
Currently, dotCMS allows HTML format to be set in content added via REST without proper restrictions. This poses a security risk and may lead to unintended consequences such as cross-site scripting (XSS) vulnerabilities. There is a need to enhance the system to restrict or validate HTML input more effectively.
Steps to Reproduce
Acceptance Criteria
dotCMS Version
Tested on master // Docker // FF
Proposed Objective
Quality Assurance
Proposed Priority
Priority 1 - Show Stopper