the oops is deeper than I thought. if you have a project name with parenthesis [Our Really Cool (ORC) project] it will load; if you edit it on screen the edit will reject the name; but the next run puts it back from the pom update code. Can't have the pom loader/update routine accepting what a screen edit won't.
Whatever the character suppression rules are for the XSS concerns, the POM loader/validator must use the same. Dr. Louis Smith, ThD Chief Technology Officer, Kyra Solutions, Inc. Museum Director, Veterans Memorial Railroad On Tue, Aug 11, 2015 at 8:35 PM, Brent Atkinson <brent.atkin...@gmail.com> wrote: > Hi Louis, > > There isn't a global fix unfortunately. It appears input for a number of > controls was white-listed in order to prevent cross site scripting (XSS) > vulnerabilities, as described in > https://issues.apache.org/jira/browse/CONTINUUM-2620. You are welcome to > submit an issue and an appropriate patch expanding the input allowed for > the controls in question. From your email, it seems you would only need to > expand the argument fields. > > Brent > > On Tue, Aug 4, 2015 at 4:57 PM, Louis Smith <dr.louis.sm...@gmail.com> > wrote: > > > One of the technologies that we have under Continuum management at one of > > my clients is Oracle Forms. > > > > The vendor supplied scripts to build/deploy require parameters including > a > > database linkage parm in the form of id/pw@instance > > > > This seems to now have an issue - reporting "Arguments contains invalid > > characters". > > > > Looks like BuildDefinitionAction-saveBuildDefinition-validation.xml has > > gotten more aggressive in checking the arguments line. > > > > Advice on an easy "global" fix for this, or do I need to edit all the > > validation.xml files? > > > > Thanks, > > > > Louis > > > > Dr. Louis Smith, ThD > > Chief Technology Officer, Kyra Solutions, Inc. > > Museum Director, Veterans Memorial Railroad > > >
