Hi
With ZBUG-4108, Zimbra 9.0.0 Patch 41 seems to have introduced a new OWASP html sanitizer knob: zimbra_owasp_strip_alt_tags_with_handlers.
What's the meaning of this configuration, and what are now the recommended settings for OWASP protection without too many false positives?
We are currently running with:
Code:
zimbra_use_owasp_html_sanitizer = true
zimbra_strict_unclosed_comment_tag = false (default: true)
zimbra_skip_tags_with_unclosed_cdata = "" (empty, default: "style")
Should we revert the latter two to their defaults after upgrading?
Statistics: Posted by ghen — Wed Sep 04, 2024 6:17 pm