Yet another to hit the Zimbra OWASP sanitizer html webclient display issue.
Migrated from Centos 6 to Rocky 8 and upgrade from 9.0.0 p19 to p26 and suddenly HTML emails wont render in webclient. Disable OWASP check "zmlocalconfig -e zimbra_use_owasp_html_sanitizer=false" and all is displayed again.
What do we have to do to get this fixed and working properly? Is the some sort of setting that we can tweek?
OWASP sanitizer is fragged
-
- Outstanding Member
- Posts: 259
- Joined: Thu May 12, 2016 1:56 pm
- Location: Belgium
- ZCS/ZD Version: 9.0.0
Re: OWASP sanitizer is fragged
This was a regression in P26. Check P27 and P28 release notes.
Re: OWASP sanitizer is fragged
Sorry, i mistyped, i am on P28 not p26
$ zmcontrol -v
Release 9.0.0_GA_4325.RHEL8_64_20220629074359 RHEL8_64 NETWORK edition, Patch 9.0.0_P28.
I applied the config
$ zmlocalconfig -e zimbra_strict_unclosed_comment_tag=false
$ zmlocalconfig -e zimbra_use_owasp_html_sanitizer=true
$ zmmailboxdctl restart
And it doesnt fix the problem.
Had to revert to sanitizer=false
The email should look like this
$ zmcontrol -v
Release 9.0.0_GA_4325.RHEL8_64_20220629074359 RHEL8_64 NETWORK edition, Patch 9.0.0_P28.
I applied the config
$ zmlocalconfig -e zimbra_strict_unclosed_comment_tag=false
$ zmlocalconfig -e zimbra_use_owasp_html_sanitizer=true
$ zmmailboxdctl restart
And it doesnt fix the problem.
Had to revert to sanitizer=false
The email should look like this
Re: OWASP sanitizer is fragged
ALL HTML emails do not display.
Text emails are seen correctly.
Text emails are seen correctly.
-
- Zimbra Employee
- Posts: 137
- Joined: Mon Apr 11, 2022 8:39 pm
Re: OWASP sanitizer is fragged
Please open a support case with affected email, so we can analyse and provide solution for the problem.