This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 5d4dcd2ed490eb61f8a95bef5fe62140f5af08cb Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Apr 2 16:24:17 2022 +0200 Improved: just a tiny comment change in security.properties Make clear that it's impossible to create a complete deniedWebShellTokens --- framework/security/config/security.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties index f106f9b21f..03c6804e89 100644 --- a/framework/security/config/security.properties +++ b/framework/security/config/security.properties @@ -249,7 +249,7 @@ allowAllUploads= #-- TODO.... to be continued with known webshell contents... a complete allow list is impossible anyway... #-- #-- It could notably be improved by checking for all Javascripts payloads. -#-- As listed at https://portswigger.net/web-security/cross-site-scripting/cheat-sheet, +#-- But as listed at https://portswigger.net/web-security/cross-site-scripting/cheat-sheet, #-- at 2022-02-25 there are 8929 of them considering all tags, all events and all browsers...! #-- #-- "freemarker" should be OK, should not be used in Freemarker templates, not part of the syntax.
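Review bot: the unchanged context line two above the edited line still says "a complete allow list is impossible anyway", while the commit message says this comment is about deniedWebShellTokens, a deny list; since the commit's stated purpose is to make clear that a complete deniedWebShellTokens cannot be written, the same change should replace "allow list" with "deny list" so the two sentences of the comment agree. While this block is being touched, the context line "It could notably be improved by checking for all Javascripts payloads." should read "JavaScript payloads", and "at 2022-02-25 there are 8929 of them" reads better as "as of 2022-02-25 there were 8929 of them", since the count is a snapshot of the cheat sheet on that date.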