Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-71763

svg xlink:href is not allowed to point to an external domain

    Details

      Description

      Steps to Reproduce

      1. Add an entry to your system's hosts file for abc.com that points to your local server.
      2. Create a portal-ext.properties file with at least the following properties:
        redirect.url.ips.allowed=
        cdn.host.http=http://abc.com:8080/
        cdn.dynamic.resources.enabled=false
        
      3. Startup Liferay and visit http://localhost:8080/

      Expected behavior is that there are no errors in the Javascript console. Actual behavior is there are errors in the Javascript console due to the SVGs being created with an xlink:href pointing to the CDN URL, which is not allowed. See this comment on svg4everybody for more information.

      https://github.com/jonathantneal/svg4everybody/issues/16#issuecomment-225315731

      Potential Problematic Files

      Running a grep against the source code for xlink:href reveals the following places that need to be updated and tested:

      git ls-files | grep -F '.java' | tr '\n' '\0' | xargs -0 grep -Fl 'xlink:href'
      • util-taglib/src/com/liferay/taglib/aui/ATag.java
      • util-taglib/src/com/liferay/taglib/aui/IconTag.java
       git ls-files | grep -F '.js' | tr '\n' '\0' | xargs -0 grep -Fl 'xlink:href' | grep -vF '.task-cache'
      • modules/apps/forms-and-workflow/dynamic-data-mapping/dynamic-data-mapping-type-text-localizable/src/main/resources/META-INF/resources/text_localizable.soy.js
      • modules/apps/foundation/frontend-js/frontend-js-web/src/main/resources/META-INF/resources/liferay/alert.js
      • modules/apps/foundation/frontend-js/frontend-js-web/src/main/resources/META-INF/resources/liferay/fullscreen_source_editor.js
      • modules/apps/foundation/frontend-js/frontend-js-web/src/main/resources/META-INF/resources/liferay/upload.js
      • modules/apps/foundation/frontend-js/frontend-js-web/src/main/resources/META-INF/resources/liferay/util.js
      • modules/apps/foundation/frontend-js/frontend-js-web/src/main/resources/META-INF/resources/liferay/util_window.js
      • modules/apps/foundation/frontend-taglib/frontend-taglib/src/main/resources/META-INF/resources/diff_version_comparator/js/diff_version_comparator.js
      • modules/apps/marketplace/marketplace-app-manager-web/src/main/resources/META-INF/resources/icon.jsp

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  3 years, 14 weeks, 1 day ago

                  Packages

                  Version Package
                  7.0.0 DXP FP14
                  7.0.0 DXP SP3
                  7.0.3 CE GA4
                  7.0.X EE
                  7.1.X
                  Master