Author: jonesde
Date: Tue Mar 10 06:14:15 2009
New Revision: 751990
URL: http://svn.apache.org/viewvc?rev=751990&view=rev
Log:
Changed the HTML checking to only check and never change values; if they come
from a webapp they will already be canonicalized, and for services calling
other services and such we don't want to do canonicalization or the like
Modified:
ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java?rev=751990&r1=751989&r2=751990&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
(original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java Tue
Mar 10 06:14:15 2009
@@ -558,11 +558,9 @@
// the param is a String, allow-html is none or safe, and
we are looking at an IN parameter during input parameter validation
String value = (String) context.get(modelParam.name);
if ("none".equals(modelParam.allowHtml)) {
- value =
StringUtil.checkStringForHtmlStrictNone(modelParam.name, value,
errorMessageList);
- context.put(modelParam.name, value);
+
StringUtil.checkStringForHtmlStrictNone(modelParam.name, value,
errorMessageList);
} else if ("safe".equals(modelParam.allowHtml)) {
- value =
StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList);
- context.put(modelParam.name, value);
+ StringUtil.checkStringForHtmlSafeOnly(modelParam.name,
value, errorMessageList);
}
}
}
