Hi Scott, Jacopo, All,

I have finally reopened OFBIZ-5254 as I propose a solution for this issue in a 
new patch.

checkStringForHtmlSafeOnly() is still a WIP and can be improved, fortunately by 
using extendible policies.

Jacques
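
As an added example, not code from this thread or from OFBiz (which is Java), here is a small stand-alone Python model of what a working allow-html="safe" check looks like: the behaviour Scott asks for below (filter unsafe HTML or return an error) and the policy-driven check Jacques refers to with checkStringForHtmlSafeOnly(). The allowlist (SAFE_TAGS, SAFE_ATTRS, SAFE_URL_SCHEMES), the function names and the sample inputs are assumptions made for the example, not OFBiz's own policy or data.

```python
"""
Added example (not OFBiz code): a policy-driven check for a service
attribute's allow-html setting. It models the three values the thread
argues about: "none" (no markup at all), "safe" (only an allowlisted
subset of tags and attributes), "any" (no check). A "safe" that merely
logs a warning and then accepts the value is behaviourally "any"; here
"safe" rejects, and the caller gets the list of violations.
"""
import html
from html.parser import HTMLParser
from typing import Dict, List, Set

# Hypothetical policy. The allowlist is an assumption made for this
# example, in the spirit of an AntiSamy policy file, not OFBiz's own.
SAFE_TAGS: Set[str] = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
SAFE_ATTRS: Dict[str, Set[str]] = {"a": {"href", "title"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


class _PolicyAuditor(HTMLParser):
    """Walks the markup and records every construct the policy forbids.
    It never rewrites the input: reject-on-violation, not clean-and-accept."""

    def __init__(self, tags: Set[str], attrs: Dict[str, Set[str]]):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs = tags, attrs
        self.violations: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.tags:
            self.violations.append(f"tag <{tag}> not allowed")
            return
        allowed = self.attrs.get(tag, set())
        for name, value in attrs:
            if name not in allowed:          # catches on* handlers, style, ...
                self.violations.append(f"attribute {name} on <{tag}> not allowed")
            elif name == "href":
                scheme_ok = (value or "").strip().lower().startswith(SAFE_URL_SCHEMES)
                if not scheme_ok:            # javascript:, data:, vbscript:, ...
                    self.violations.append(f"href scheme not allowed: {value!r}")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)     # <br/> etc.: report once, not twice

    def handle_endtag(self, tag):
        if tag not in self.tags:
            self.violations.append(f"tag </{tag}> not allowed")

    def handle_comment(self, data):
        self.violations.append("HTML comment not allowed")

    def handle_decl(self, decl):
        self.violations.append("declaration not allowed")

    def handle_pi(self, data):
        self.violations.append("processing instruction not allowed")


def check_allow_html(value: str, allow_html: str) -> List[str]:
    """Return the policy violations of `value` under an allow-html mode.
    An empty list means the value may be accepted as-is."""
    if allow_html == "any":
        return []                            # no check at all, by definition
    if allow_html == "none":
        # Modelled as an encode-and-compare check: anything HTML encoding
        # would change (<, > or &) counts as markup. Deliberately strict.
        return [] if html.escape(value, quote=False) == value else ["markup present"]
    if allow_html == "safe":
        auditor = _PolicyAuditor(SAFE_TAGS, SAFE_ATTRS)
        auditor.feed(value)
        auditor.close()
        return auditor.violations
    raise ValueError(f"unknown allow-html value: {allow_html!r}")


def accept_service_parameter(name: str, value: str, allow_html: str) -> str:
    """Service-layer behaviour the thread asks for: refuse the call when the
    parameter violates its declared policy instead of logging and storing."""
    violations = check_allow_html(value, allow_html)
    if violations:
        raise ValueError(f"parameter {name!r} rejected: " + "; ".join(violations))
    return value


if __name__ == "__main__":
    # Constructed inputs for the demo; not taken from any real OFBiz data.
    samples = [
        ("agreementText", '<p>Net 30 days, see <a href="https://example.com/terms">terms</a>.</p>'),
        ("description", '<p onclick="alert(1)">x</p><script>alert(1)</script>'),
        ("invoiceMessage", '<a href="javascript:alert(1)">click</a>'),
        ("noteInfo", "Plain text, no markup"),
    ]
    for mode in ("none", "safe", "any"):
        for name, value in samples:
            print(f'{mode:4} {name:15} -> {check_allow_html(value, mode) or "ok"}')
```

The design point is the one the thread circles around: under "any" every sample passes, under "none" only the plain-text note passes, and under "safe" the event handler, the script element and the javascript: URL are each named as violations and the call is refused. Logging those violations and storing the value anyway, which is what the commit below describes for the old IntrusionDetector warning, is indistinguishable from "any" once the data is in the database.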

On 03/09/2016 at 11:27, Jacopo Cappellato wrote:
I am resurrecting this old thread, because I think that Scott's remarks and
concerns to Jacques' commit were valid and the response of Jacques was not
satisfactory: in fact the two tickets Jacques mentioned have been resolved
but the issues that Scott identified in Jacques' commit are still there.
We should consider reverting the commit but my post for now is as a
reminder and to restart the conversation.

Jacopo


On Sat, Dec 28, 2013 at 12:54 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

That's why https://issues.apache.org/jira/browse/OFBIZ-5254 is not
closed, just resolved as incomplete. In other words it's a temporary
unsatisfying solution.
The idea is to continue https://issues.apache.org/jira/browse/OFBIZ-5343
All good will is welcome

Jacques

On Friday, December 27, 2013 11:20 PM scott.g...@hotwaxmedia.com wrote
"safe" should not have been deprecated.  The input should have just been
cleansed as an interim measure until a better solution
could be found.

Regards
Scott

On 27/12/2013, at 9:37 PM, Jacques Le Roux wrote:

I agree, it's in my long TODO list...

Jacques

On Friday, December 27, 2013 8:43 PM scott.g...@hotwaxmedia.com wrote
This is not a fix, the problem was that "safe" wasn't filtering unsafe
html or returning an error.  Taking all "safe" input
parameters and making them "any" because "safe" wasn't working as
intended is a bit silly to say the least.
Regards
Scott

On 28/10/2013, at 12:12 PM, jler...@apache.org wrote:

Author: jleroux
Date: Mon Oct 28 12:12:43 2013
New Revision: 1536324

URL: http://svn.apache.org/r1536324
Log:
Fixes <<Services allow arbitrary HTML for parameters with allow-html
set to "safe">>
https://issues.apache.org/jira/browse/OFBIZ-5254

After r751990, <<allow-html="any">> and <<allow-html="safe">> are the
same: they do nothing! The only difference is the warning
message from the OWASP Antisamy IntrusionDetector, which is both, as
Christoph noted, "giving you a false sense of security" or,
as I wrote, "disturbing, wrong and useless". So there are no longer
any reasons for differentiating "safe" and "any".
This:
* Deprecates "safe" (making it clear in the XSD documentation),
keeping only "none" and "any". This is for backward
compatibility, else we could completely remove the misleading "safe".
Note that "none" is the default.
* Replaces in the service definitions all allow-html="safe" by
allow-html="any"
* Removes from ModelService.java (near line 587) the code which throws
the OWASP Antisamy IntrusionDetector message in the log
Modified:
   ofbiz/trunk/applications/accounting/servicedef/
services_agreement.xml
   ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml
   ofbiz/trunk/applications/content/servicedef/services.xml
   ofbiz/trunk/applications/content/servicedef/services_content.xml
   ofbiz/trunk/applications/content/servicedef/services_data.xml
   ofbiz/trunk/applications/marketing/servicedef/services_
opportunity.xml
   ofbiz/trunk/applications/order/servicedef/services.xml
   ofbiz/trunk/applications/order/servicedef/services_quote.xml
   ofbiz/trunk/applications/order/servicedef/services_request.xml
   ofbiz/trunk/applications/party/servicedef/services.xml
   ofbiz/trunk/applications/product/servicedef/services.xml
   ofbiz/trunk/applications/product/servicedef/services_pricepromo.xml
   ofbiz/trunk/applications/workeffort/servicedef/services.xml
   ofbiz/trunk/framework/common/servicedef/services.xml
   ofbiz/trunk/framework/common/servicedef/services_email.xml
   ofbiz/trunk/framework/service/dtd/services.xsd
   ofbiz/trunk/framework/service/src/org/ofbiz/service/
ModelService.java
   ofbiz/trunk/specialpurpose/ebaystore/servicedef/services.xml

Modified: ofbiz/trunk/applications/accounting/servicedef/
services_agreement.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
accounting/servicedef/services_agreement.xml?rev=
1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/accounting/servicedef/services_agreement.xml
(original) +++
ofbiz/trunk/applications/accounting/servicedef/services_agreement.xml
Mon Oct 28 12:12:43 2013 @@ -30,7 +30,7 @@ under the
        License. <permission-service 
service-name="acctgAgreementPermissionCheck"
main-action="CREATE"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes include="pk" mode="OUT" optional="true"/>
-        <override name="textData" allow-html="safe"/>
+        <override name="textData" allow-html="any"/>
    </service>
    <service name="updateAgreement" default-entity-name="Agreement"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
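Review bot: replacing allow-html="safe" with allow-html="any" on textData in the override above widens the contract instead of fixing it. A field marked "safe" documents that it must be sanitized before storage; "any" declares that raw markup is acceptable, so when checkStringForHtmlSafeOnly() or another sanitizer lands, every one of these overrides has to be found and switched back by hand. If "safe" is a no-op today, leave the value as written in the service definitions and make the validator reject (or clean); the deprecation can live in the XSD without rewriting the callers.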
invoke="updateAgreement" auth="true"> @@ -38,7 +38,7 @@ under the
License.
        <permission-service service-name="acctgAgreementPermissionCheck"
main-action="UPDATE"/>
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textData" allow-html="safe"/>
+        <override name="textData" allow-html="any"/>
    </service>
    <service name="cancelAgreement" default-entity-name="Agreement"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
invoke="cancelAgreement" auth="true"> @@ -65,7 +65,7 @@ under the
License.
        <permission-service service-name="acctgAgreementPermissionCheck"
main-action="CREATE"/>
        <auto-attributes include="pk" mode="INOUT" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="agreementText" allow-html="safe"/>
+        <override name="agreementText" allow-html="any"/>
    </service>
    <service name="updateAgreementItem" default-entity-name="AgreementItem"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
invoke="updateAgreementItem" auth="true"> @@ -73,7 +73,7 @@ under the
License.
        <permission-service service-name="acctgAgreementPermissionCheck"
main-action="UPDATE"/>
        <auto-attributes include="pk" mode="IN" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="agreementText" allow-html="safe"/>
+        <override name="agreementText" allow-html="any"/>
    </service>
    <service name="removeAgreementItem" default-entity-name="AgreementItem"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
invoke="removeAgreementItem" auth="true"> @@ -90,7 +90,7 @@ under the
License.
        <permission-service service-name="acctgAgreementPermissionCheck"
main-action="CREATE"/>
        <auto-attributes include="pk" mode="INOUT" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textValue" allow-html="safe"/>
+        <override name="textValue" allow-html="any"/>
    </service>
    <service name="updateAgreementTerm" default-entity-name="AgreementTerm"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
invoke="updateAgreementTerm" auth="true"> @@ -98,7 +98,7 @@ under the
License.
        <permission-service service-name="acctgAgreementPermissionCheck"
main-action="UPDATE"/>
        <auto-attributes include="pk" mode="IN" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textValue" allow-html="safe"/>
+        <override name="textValue" allow-html="any"/>
    </service>
    <service name="deleteAgreementTerm" default-entity-name="AgreementTerm"
engine="simple"
                location="component://accounting/script/org/ofbiz/
accounting/agreement/AgreementServices.xml"
invoke="deleteAgreementTerm" auth="true">

Modified: ofbiz/trunk/applications/accounting/servicedef/
services_invoice.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
accounting/servicedef/services_invoice.xml?rev=
1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml
(original) +++
ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml
Mon Oct 28 12:12:43 2013 @@ -56,8 +56,8 @@ under the
        License. <override name="invoiceTypeId" mode="IN"
optional="false"/>
        <override name="partyIdFrom" mode = "IN" optional="false"/>
        <override name="partyId" mode = "IN" optional="false"/>
-        <override name="description" allow-html="safe"/>
-        <override name="invoiceMessage" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
+        <override name="invoiceMessage" allow-html="any"/>
    </service>
    <service name="copyInvoice" engine="simple"
default-entity-name="Invoice"
        location="component://accounting/script/org/ofbiz/
accounting/invoice/InvoiceServices.xml" invoke="copyInvoice">
@@ -80,8 +80,8 @@ under the License.
        <permission-service service-name="acctgInvoicePermissionCheck"
main-action="UPDATE"/>
        <auto-attributes mode="IN" include="pk" optional="false"/>
        <auto-attributes mode="IN" include="nonpk" optional="true"/>
-        <override name="description" allow-html="safe"/>
-        <override name="invoiceMessage" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
+        <override name="invoiceMessage" allow-html="any"/>
    </service>
    <service name="setInvoiceStatus" engine="simple"
        location="component://accounting/script/org/ofbiz/
accounting/invoice/InvoiceServices.xml" invoke="setInvoiceStatus">
@@ -117,7 +117,7 @@ under the License.
        <auto-attributes mode="IN" include="pk" optional="false"/>
        <auto-attributes mode="IN" include="nonpk" optional="true"/>
        <override name="invoiceItemSeqId" mode="INOUT"
optional="true"/><!-- will optionally be assigned by the system -->
-        <override name="description" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="updateInvoiceItem" engine="simple"
default-entity-name="InvoiceItem"
        location="component://accounting/script/org/ofbiz/
accounting/invoice/InvoiceServices.xml" invoke="updateInvoiceItem">
@@ -125,7 +125,7 @@ under the License.
        <permission-service service-name="acctgInvoicePermissionCheck"
main-action="UPDATE"/>
        <auto-attributes mode="INOUT" include="pk" optional="false"/>
        <auto-attributes mode="IN" include="nonpk" optional="true"/>
-        <override name="description" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="removeInvoiceItem" engine="simple"
default-entity-name="InvoiceItem"
        location="component://accounting/script/org/ofbiz/
accounting/invoice/InvoiceServices.xml" invoke="removeInvoiceItem">
@@ -276,7 +276,7 @@ under the License.
        <attribute name="sendTo" type="String" mode="IN"
optional="false"/>
        <attribute name="sendCc" type="String" mode="IN"
optional="true"/>
        <attribute name="subject" type="String" mode="IN"
optional="true"/>
-        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="other" type="String" mode="IN"
optional="true"/><!-- to send the invoice in the 'other' currency (y)
    --> </service>
    <service name="checkInvoicePaymentApplications" engine="java"
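Review bot: bodyText here is the body of an outgoing e-mail (it sits beside sendTo, sendCc and subject), and with allow-html="any" the service no longer constrains what reaches the mail template at all; the only remaining defence is whatever the template does with it before the recipient's mail client renders the result. If invoice e-mails genuinely need formatted bodies, this is the attribute that most needs a real sanitizer behind it; otherwise drop the override so bodyText falls back to the default "none".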
@@ -412,7 +412,7 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes entity-name="Content" include="nonpk"
mode="IN" optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="any"/>
        <override name="contentId" optional="true"/>
        <override name="fromDate" optional="true"/>
    </service>
@@ -422,7 +422,7 @@ under the License.
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes mode="IN" entity-name="Content"
optional="true"/>
        <attribute name="textDataResourceId" type="String" mode="IN"
optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>
    <service name="isInvoiceInForeignCurrency" engine="simple"
        location="component://accounting/script/org/ofbiz/
accounting/invoice/InvoiceServices.xml"
invoke="isInvoiceInForeignCurrency" auth="true">

Modified: ofbiz/trunk/applications/content/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
content/servicedef/services.xml?rev=1536324&r1=1536323&r2=
1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/servicedef/services.xml (original)
+++
ofbiz/trunk/applications/content/servicedef/services.xml Mon Oct 28
12:12:43 2013 @@ -291,12 +291,12 @@
    <service name="createSimpleTextContent" engine="simple"
        
location="component://content/script/org/ofbiz/content/content/ContentServices.xml"
invoke="createSimpleTextContent">
<auto-attributes mode="IN" entity-name="Content" optional="true"/> -
       <attribute name="text" type="String" mode="IN"
optional="false" allow-html="safe"/> +        <attribute name="text"
type="String" mode="IN" optional="false"
        allow-html="any"/> <override name="contentId" mode="INOUT"/>
    </service>
    <service name="updateSimpleTextContent" engine="simple"
        
location="component://content/script/org/ofbiz/content/content/ContentServices.xml"
invoke="updateSimpleTextContent">
<attribute name="textDataResourceId" type="String" mode="IN"
optional="true"/> -        <attribute name="text" type="String"
mode="IN" optional="true" allow-html="safe"/> +        <attribute
name="text" type="String" mode="IN" optional="true"
    allow-html="any"/> </service>

    <!-- Util -->
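Review bot: the text attribute of createSimpleTextContent is mandatory (optional="false") and is the stored body of the content, so after this change the service layer says nothing about it and the rendering side must either treat every stored text body as trusted HTML or encode it on output. The commit message should state which one holds; if renderers emit the stored text verbatim, this hunk and the matching updateSimpleTextContent change are exactly the places where "any" needs a sanitizer behind it rather than a renamed flag.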
@@ -452,7 +452,7 @@
        <attribute mode="IN" name="forceElectronicText"
optional="true" type="String"/>
        <attribute mode="IN" name="displayFailCond" optional="true"
type="Boolean"/>
        <attribute mode="INOUT" name="roleTypeList" optional="true"
type="List"/>
-        <override name="textData" allow-html="safe"/>
+        <override name="textData" allow-html="any"/>
    </service>

    <service name="persistDataResourceAndData" engine="java"
@@ -1052,8 +1052,8 @@
        <attribute name="statusId" type="String" mode="IN"
optional="true"/>
        <attribute name="description" type="String" mode="IN"
optional="true"/>
        <attribute name="templateDataResourceId" type="String"
mode="IN" optional="true"/>
-        <attribute name="articleData" type="String" mode="IN"
optional="true" allow-html="safe"/>
-        <attribute name="summaryData" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="articleData" type="String" mode="IN"
optional="true" allow-html="any"/>
+        <attribute name="summaryData" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>
    <service name="updateBlogEntry" engine="simple" auth="true"
        
location="component://content/script/org/ofbiz/content/blog/BlogServices.xml"
invoke="updateBlogEntry">
@@ -1065,8 +1065,8 @@
        <attribute name="statusId" type="String" mode="IN"
optional="true"/>
        <attribute name="description" type="String" mode="IN"
optional="true"/>
        <attribute name="templateDataResourceId" type="String"
mode="IN" optional="true"/>
-        <attribute name="articleData" type="String" mode="IN"
optional="true" allow-html="safe"/>
-        <attribute name="summaryData" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="articleData" type="String" mode="IN"
optional="true" allow-html="any"/>
+        <attribute name="summaryData" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>
    <service name="getBlogEntry" engine="simple" auth="true"
        
location="component://content/script/org/ofbiz/content/blog/BlogServices.xml"
invoke="getBlogEntry">
Modified: ofbiz/trunk/applications/content/servicedef/services_
content.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
content/servicedef/services_content.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/servicedef/services_content.xml
(original) +++
ofbiz/trunk/applications/content/servicedef/services_content.xml Mon
Oct 28 12:12:43 2013 @@ -48,8 +48,8 @@
        <attribute name="fromDate" type="Timestamp" mode="IN"
optional="true"/>
        <attribute name="sequenceNum" type="Long" mode="IN"
optional="true"/>
        <override name="contentTypeId" default-value="DOCUMENT"/>
-        <override name="contentName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="contentName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>

    <service name="createTextAndUploadedContent" engine="simple"
auth="true"
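Review bot: contentName and description are treated alike here, but contentName is a short name shown in lists and titles, not a text body, and it is hard to see why it should ever carry markup. Rather than widening it to "any", drop the override for contentName so it falls back to the default "none", and keep the wider setting only for description, where formatted text is plausible. The same question applies to every *Name attribute this commit widens.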
@@ -131,8 +131,8 @@
        <attribute mode="IN" name="displayFailCond" optional="true"
type="Boolean"/>
        <attribute mode="INOUT" name="roleTypeList" optional="true"
type="List"/>
        <!-- end of depricated fields -->
-        <override name="contentName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="contentName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>

    <service name="updateTextContent" engine="group" auth="true">

Modified: ofbiz/trunk/applications/content/servicedef/services_
data.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
content/servicedef/services_data.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/servicedef/services_data.xml
(original) +++
ofbiz/trunk/applications/content/servicedef/services_data.xml Mon
Oct 28 12:12:43 2013 @@ -37,8 +37,8 @@
        <attribute name="dataResourceId" type="String" mode="OUT"
optional="false"/>
        <attribute name="dataResource" type="org.ofbiz.entity.GenericValue"
mode="OUT" optional="true"/>
        <attribute name="uploadedFile" type="java.nio.ByteBuffer"
mode="IN" optional="true"/>
-        <override name="objectInfo" allow-html="safe"/>
-        <override name="dataResourceName" allow-html="safe"/>
+        <override name="objectInfo" allow-html="any"/>
+        <override name="dataResourceName" allow-html="any"/>
    </service>
    <service name="createDataResourceAndAssocToContent"
default-entity-name="DataResource" engine="simple"
            location="component://content/
script/org/ofbiz/content/data/DataServices.xml"
invoke="createDataResourceAndAssocToContent" auth="true"> @@ -59,8
+59,8 @@
        <attribute name="skipPermissionCheck" type="String" mode="IN"
optional="true"/>
        <attribute name="dataResourceId" type="String" mode="OUT"
optional="false"/>
        <attribute name="dataResource" type="org.ofbiz.entity.GenericValue"
mode="OUT" optional="true"/>
-        <override name="objectInfo" allow-html="safe"/>
-        <override name="dataResourceName" allow-html="safe"/>
+        <override name="objectInfo" allow-html="any"/>
+        <override name="dataResourceName" allow-html="any"/>
    </service>
    <service name="removeDataResource" engine="simple"
default-entity-name="DataResource" auth="true"
            location="component://content/
script/org/ofbiz/content/data/DataServices.xml"
invoke="deleteDataResource">
@@ -90,7 +90,7 @@
        <description>Create a DataResource and, possibly,
ElectronicText or ImageDataResource</description>
        <auto-attributes include="pk" mode="INOUT" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <attribute name="textData" mode="IN" optional="true"
type="String" allow-html="safe"/>
+        <attribute name="textData" mode="IN" optional="true"
type="String" allow-html="any"/>
        <attribute name="targetOperationList" type="List" mode="IN"
optional="true"/>
        <attribute name="contentPurposeList" type="List" mode="IN"
optional="true"/>
        <attribute name="skipPermissionCheck" type="String" mode="IN"
optional="true"/>
@@ -100,7 +100,7 @@
        <description>Create a DataResource and, possibly,
ElectronicText or ImageDataResource</description>
        <auto-attributes include="pk" mode="IN" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <attribute name="textData" mode="IN" type="String"
optional="true"  allow-html="safe"/>
+        <attribute name="textData" mode="IN" type="String"
optional="true"  allow-html="any"/>
        <attribute name="targetOperationList" type="List" mode="IN"
optional="true"/>
        <attribute name="contentPurposeList" type="List" mode="IN"
optional="true"/>
        <attribute name="skipPermissionCheck" type="String" mode="IN"
optional="true"/>
@@ -115,7 +115,7 @@
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <override name="dataResourceTypeId" default-value="ELECTRONIC_
TEXT"/>
-        <override name="textData" allow-html="safe"/>
+        <override name="textData" allow-html="any"/>
    </service>
    <service name="updateElectronicText" default-entity-name="ElectronicText"
engine="simple"
            location="component://content/
script/org/ofbiz/content/data/DataServices.xml"
invoke="updateElectronicText"
auth="true"> @@ -124,7 +124,7 @@
        <auto-attributes include="pk" mode="INOUT" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <attribute name="contentId" mode="INOUT" optional="true"
type="String"/><!-- to optionaly know where this text is
belonging to --> -        <override name="textData"
allow-html="safe"/>
+        <override name="textData" allow-html="any"/>
    </service>
    <service name="removeElectronicText" default-entity-name="ElectronicText"
engine="simple"
            location="component://content/
script/org/ofbiz/content/data/DataServices.xml"
invoke="removeElectronicText"
auth="true">

Modified: ofbiz/trunk/applications/marketing/servicedef/services_
opportunity.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
marketing/servicedef/services_opportunity.xml?rev=1536324&
r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/marketing/servicedef/services_opportunity.xml
(original) +++
ofbiz/trunk/applications/marketing/servicedef/services_opportunity.xml
Mon Oct 28 12:12:43 2013 @@ -78,9 +78,9 @@ under the
        License. </auto-attributes>
        <attribute name="accountPartyId" mode="IN" type="String"
optional="true"/>
        <attribute name="leadPartyId" mode="IN" type="String"
optional="true"/>
-        <override name="opportunityName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
-        <override name="nextStep" allow-html="safe"/>
+        <override name="opportunityName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
+        <override name="nextStep" allow-html="any"/>
    </service>
    <service name="updateSalesOpportunity" engine="simple"
default-entity-name="SalesOpportunity"
        location="component://order/script/org/ofbiz/order/
opportunity/OpportunityServices.xml" invoke="updateSalesOpportunity">
@@ -89,9 +89,9 @@ under the License.
        <auto-attributes mode="IN" include="nonpk" optional="true"/>
        <attribute name="accountPartyId" mode="IN" type="String"
optional="true"/>
        <attribute name="leadPartyId" mode="IN" type="String"
optional="true"/>
-        <override name="opportunityName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
-        <override name="nextStep" allow-html="safe"/>
+        <override name="opportunityName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
+        <override name="nextStep" allow-html="any"/>
    </service>
    <service name="createSalesOpportunityRole" engine="simple"
default-entity-name="SalesOpportunityRole"
        location="component://order/script/org/ofbiz/order/
opportunity/OpportunityServices.xml"
invoke="createSalesOpportunityRole">

Modified: ofbiz/trunk/applications/order/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
order/servicedef/services.xml?rev=1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/order/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/order/servicedef/services.xml
Mon Oct 28 12:12:43 2013 @@ -450,7 +450,7 @@ under the License.
            location="org.ofbiz.order.order.OrderServices"
invoke="createOrderNote" auth="true">
        <description>Create a note item and associate with a order
header</description>
        <attribute name="orderId" type="String" mode="IN"/>
-        <attribute name="note" type="String" mode="IN"
allow-html="safe"/>
+        <attribute name="note" type="String" mode="IN"
allow-html="any"/>
        <attribute name="internalNote" type="String" mode="IN"/>
        <attribute name="noteName" type="String" mode="IN"
optional="true"/>
    </service>

Modified: ofbiz/trunk/applications/order/servicedef/services_
quote.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
order/servicedef/services_quote.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/order/servicedef/services_quote.xml
(original) +++
ofbiz/trunk/applications/order/servicedef/services_quote.xml Mon Oct
28 12:12:43 2013 @@ -255,7 +255,7 @@ under the License.
            
location="component://order/script/org/ofbiz/order/quote/QuoteServices.xml"
invoke="createQuoteNote" auth="true">
        <description>Create a note item and associate with a
quote</description>
        <attribute name="quoteId" type="String" mode="IN"/>
-        <attribute name="noteInfo" type="String" mode="IN"
allow-html="safe"/>
+        <attribute name="noteInfo" type="String" mode="IN"
allow-html="any"/>
        <attribute name="noteName" type="String" mode="IN"
optional="true"/>
    </service>
</services>

Modified: ofbiz/trunk/applications/order/servicedef/services_
request.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
order/servicedef/services_request.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/order/servicedef/services_request.xml
(original) +++
ofbiz/trunk/applications/order/servicedef/services_request.xml Mon
Oct 28 12:12:43 2013 @@ -42,9 +42,9 @@ under the License.
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes include="all" mode="IN"
entity-name="CustRequestItem" optional="true"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/><!-- for notification services -->
-        <override name="custRequestName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
-        <override name="story" allow-html="safe"/>
+        <override name="custRequestName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
+        <override name="story" allow-html="any"/>
    </service>
    <service name="updateCustRequest" engine="simple"
default-entity-name="CustRequest"
            location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="updateCustRequest"
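Review bot: the webSiteId comment in this hunk says these values feed notification services, so custRequestName, description and story tagged allow-html="any" flow into outgoing notifications as well as into the UI. Two consumers with different escaping rules are the case where validating once at the service boundary is the only model that scales; if "safe" is unusable today, the honest interim value for free-text fields like story is "none" with a follow-up ticket, not "any".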
auth="true"> @@ -52,10 +52,10 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <attribute name="oldStatusId" type="String" mode="OUT"/>
-        <attribute name="story" mode="IN" type="String"
optional="true" allow-html="safe"/>
+        <attribute name="story" mode="IN" type="String"
optional="true" allow-html="any"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/><!-- for notification services -->
-        <override name="custRequestName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="custRequestName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>

    <service name="deleteCustRequest" engine="simple"
default-entity-name="CustRequest"
@@ -86,16 +86,16 @@ under the License.
        <auto-attributes include="pk" mode="INOUT" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <override name="custRequestItemSeqId" optional="true"/>
-        <override name="story" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="story" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="updateCustRequestItem" engine="simple"
default-entity-name="CustRequestItem"
            location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="updateCustRequestItem"
        auth="true"> <description>Update a CustRequestItem
record</description>
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="story" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="story" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="copyCustRequestItem" default-entity-name="CustRequestItem"
engine="simple"
                location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="copyCustRequestItem"
auth="true"> @@ -129,7 +129,7 @@ under the License.
            location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="createCustRequestNote"
        auth="true"> <description>Create a note for a
CustRequest</description>
        <attribute name="custRequestId" type="String" mode="IN"
optional="false"/>
-        <attribute name="noteInfo" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="noteInfo" type="String" mode="IN"
optional="false" allow-html="any"/>
        <attribute name="noteId" type="String" mode="OUT"
optional="false"/>
        <attribute name="fromPartyId" type="String" mode="OUT"
optional="true"/><!-- party to be notified -->
        <attribute name="custRequestName" type="String" mode="OUT"
optional="true"/><!-- for notification services -->
@@ -138,7 +138,7 @@ under the License.
            location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="updateCustRequestNote"
        auth="true"> <description>Update CustRequest Note</description>
        <attribute name="custRequestId" type="String" mode="IN"
optional="false"/>
-        <attribute name="noteId" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="noteId" type="String" mode="IN"
optional="false" allow-html="any"/>
        <attribute name="noteInfo" type="String" mode="IN"
optional="true"/>
    </service>
    <service name="createCustRequestItemNote" engine="simple"
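Review bot: noteId on updateCustRequestNote is a key, not free text, so it should not carry allow-html at all; with "any" it is now exempt from the HTML check that every other String IN parameter gets by default. Drop the attribute so the "none" default applies: <attribute name="noteId" type="String" mode="IN" optional="false"/>. Note also that noteInfo on this same service has no allow-html and is therefore still checked with "none", so the update path now rejects markup that the create path in the previous hunk accepts; the two should be aligned deliberately rather than left inconsistent.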
@@ -146,7 +146,7 @@ under the License.
        <description>Create a note for a CustRequestItem</description>
        <attribute name="custRequestId" type="String" mode="IN"
optional="false"/>
        <attribute name="custRequestItemSeqId" type="String" mode="IN"
optional="false"/>
-        <attribute name="note" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="note" type="String" mode="IN"
optional="false" allow-html="any"/>
        <attribute name="noteId" type="String" mode="OUT"
optional="false"/>
        <attribute name="partyId" type="String" mode="INOUT"
optional="true"/><!-- party who created the note -->
        <attribute name="fromPartyId" type="String" mode="OUT"
optional="true"/><!-- party to be notified -->
@@ -178,7 +178,7 @@ under the License.
        <description>Set the Customer Request  Status</description>
        <attribute name="custRequestId" type="String" mode="INOUT"
optional="false"/>
        <attribute name="statusId" type="String" mode="IN"
optional="false"/>
-        <attribute name="reason" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="reason" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="oldStatusId" type="String" mode="OUT"
optional="true"/>
        <attribute name="fromPartyId" type="String" mode="OUT"
optional="true"/><!-- for notification services -->
        <attribute name="custRequestName" type="String" mode="OUT"
optional="true"/><!-- for notification services -->
@@ -192,9 +192,9 @@ under the License.
        <attribute name="custRequestId" mode="IN" type="String"
optional="true"/>
        <attribute name="custRequestId" mode="OUT" type="String"
optional="false"/>
        <attribute name="custRequestTypeId" mode="IN" type="String"
optional="true"/>
-        <attribute name="custRequestName" mode="IN" type="String"
optional="true" allow-html="safe"/>
-        <attribute name="story" mode="IN" type="String"
optional="true" allow-html="safe"/>
-        <override name="content" allow-html="safe"/>
+        <attribute name="custRequestName" mode="IN" type="String"
optional="true" allow-html="any"/>
+        <attribute name="story" mode="IN" type="String"
optional="true" allow-html="any"/>
+        <override name="content" allow-html="any"/>
    </service>

    <!-- custRequest content services -->
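Review bot: custRequestName is a short display name that other services in this file hand to notification services (the OUT attributes commented "for notification services" in the earlier hunks), and a name has no legitimate need for markup. Where the sanitising level is unavailable, a field like this should fall back to "none", not to "any"; only story and content plausibly need rich text, and they are the ones that need a sanitising pass if "safe" is going away.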

Modified: ofbiz/trunk/applications/party/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
party/servicedef/services.xml?rev=1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/party/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/party/servicedef/services.xml
Mon Oct 28 12:12:43 2013 @@ -120,7 +120,7 @@ under the License.
        <attribute name="externalId" type="String" mode="IN"
optional="true"/>
        <attribute name="statusId" type="String" mode="IN"
optional="true"/>
        <override name="groupName" optional="false"/>
-        <override name="comments" allow-html="safe"/>
+        <override name="comments" allow-html="any"/>
    </service>
    <service name="updatePartyGroup" engine="java"
default-entity-name="PartyGroup"
            location="org.ofbiz.party.party.PartyServices"
invoke="updatePartyGroup" auth="true">
@@ -133,7 +133,7 @@ under the License.
        <attribute name="preferredCurrencyUomId" type="String"
mode="IN" optional="true"/>
        <attribute name="externalId" type="String" mode="IN"
optional="true"/>
        <attribute name="statusId" type="String" mode="IN"
optional="true"/>
-        <override name="comments" allow-html="safe"/>
+        <override name="comments" allow-html="any"/>
    </service>

    <service name="savePartyNameChange" engine="simple"
@@ -379,7 +379,7 @@ under the License.
        <description>create a company/contact relationship and add the
related roles</description>
        <attribute name="accountPartyId" type="String" mode="IN"/>
        <attribute name="contactPartyId" type="String" mode="IN"/>
-        <attribute name="comments" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="comments" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>

    <!-- ContactMech services -->
@@ -768,9 +768,9 @@ under the License.
        <attribute name="custRequestId" type="String" mode="IN"
optional="true"/>
        <attribute name="action" type="String" mode="IN"
optional="true"/><!-- to indicate any special action like: REPLY,
        REPLYALL, FORWARD or empty for no special action--> <override
name="headerString" allow-html="any"/>
-        <override name="content" allow-html="safe"/>
-        <override name="messageId" allow-html="safe"/>
-        <override name="subject" allow-html="safe"/>
+        <override name="content" allow-html="any"/>
+        <override name="messageId" allow-html="any"/>
+        <override name="subject" allow-html="any"/>
    </service>
    <service name="createCommunicationEvent" engine="simple"
            location="component://party/script/org/ofbiz/party/
communication/CommunicationEventServices.xml"
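Review bot: messageId and subject are email header values, not rendered markup, so "any" is the wrong relaxation here. The likely reason "safe" was used on messageId is that a Message-ID is angle-bracketed (<local-part@domain>) and trips a strict no-HTML check; the targeted fix is a format check for that field, and HTML-escaping for subject wherever it is displayed, rather than turning off the check. The same applies to the createCommunicationEvent hunk that follows, which changes the same three overrides.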
invoke="createCommunicationEventWithPermission" auth="true"> @@
-792,9 +792,9 @@ under the License.
        <auto-attributes entity-name="CommunicationEvent"
include="nonpk" mode="IN" optional="true"/>
        <attribute name="contactMechPurposeTypeIdFrom" type="String"
mode="IN" optional="true"><description>Set a specific
        purpose for the originator email</description></attribute>
<attribute name="oldStatusId" type="String" mode="OUT"
optional="true"/>
-        <override name="messageId" allow-html="safe"/>
-        <override name="content" allow-html="safe"/>
-        <override name="subject" allow-html="safe"/>
+        <override name="messageId" allow-html="any"/>
+        <override name="content" allow-html="any"/>
+        <override name="subject" allow-html="any"/>
    </service>
    <service name="deleteCommunicationEvent" engine="simple"
        location="component://party/script/org/ofbiz/party/
communication/CommunicationEventServices.xml"
invoke="deleteCommunicationEvent" auth="true">

Modified: ofbiz/trunk/applications/product/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
product/servicedef/services.xml?rev=1536324&r1=1536323&r2=
1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/servicedef/services.xml (original)
+++
ofbiz/trunk/applications/product/servicedef/services.xml Mon Oct 28
12:12:43 2013 @@ -34,8 +34,8 @@ under the License.
            <exclude field-name="lastModifiedDate"/>
            <exclude field-name="lastModifiedByUserLogin"/>
        </auto-attributes>
-        <override name="description" allow-html="safe"/>
-        <override name="longDescription" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
+        <override name="longDescription" allow-html="any"/>
    </service>
    <service name="createProduct" default-entity-name="Product"
engine="simple"
                location="component://product/
script/org/ofbiz/product/product/ProductServices.xml"
invoke="createProduct"
auth="true"> @@ -70,8 +70,8 @@ under the License.
        <attribute name="oldProductId" type="String" mode="IN"
optional="false"/>
        <attribute name="newInternalName" type="String" mode="IN"
optional="true"/>
        <attribute name="newProductName" type="String" mode="IN"
optional="true"/>
-        <attribute name="newDescription" type="String" mode="IN"
optional="true" allow-html="safe"/>
-        <attribute name="newLongDescription" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="newDescription" type="String" mode="IN"
optional="true" allow-html="any"/>
+        <attribute name="newLongDescription" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="duplicatePrices" type="String" mode="IN"
optional="true"/>
        <attribute name="duplicateIDs" type="String" mode="IN"
optional="true"/>
        <attribute name="duplicateContent" type="String" mode="IN"
optional="true"/>
@@ -392,7 +392,7 @@ under the License.
        <auto-attributes mode="IN" entity-name="Content"
optional="true"/>
        <attribute name="subject" type="String" mode="IN"
optional="false"/>
        <attribute name="plainBody" type="String" mode="IN"
optional="false"/>
-        <attribute name="htmlBody" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="htmlBody" type="String" mode="IN"
optional="true" allow-html="any"/>
        <override name="contentId" optional="true" mode="INOUT"/>
    </service>
    <service name="updateEmailContentForProduct" 
default-entity-name="ProductContent"
engine="simple"
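Review bot: htmlBody is the one kind of field that genuinely needs markup, which is exactly the case a sanitising "safe" level exists for, and the value ends up in mail sent to recipients. With "any" the email-content services in this and the following hunk store and send the body unfiltered; if "safe" has to go, the service implementation needs its own sanitising step for this attribute, and that should be called out here rather than silently dropped.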
@@ -405,7 +405,7 @@ under the License.
        <attribute name="plainBodyDataResourceId" type="String"
mode="IN" optional="true"/>
        <attribute name="plainBody" type="String" mode="IN"
optional="true"/>
        <attribute name="htmlBodyDataResourceId" type="String"
mode="IN" optional="true"/>
-        <attribute name="htmlBody" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="htmlBody" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>
    <service name="createDownloadContentForProduct"
default-entity-name="ProductContent" engine="simple"
        location="component://product/script/org/ofbiz/product/
product/ProductContentServices.xml"
invoke="createDownloadContentForProduct" auth="true"> @@ -431,7
+431,7 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes entity-name="Content" include="nonpk"
mode="IN" optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="any"/>
        <override name="contentId" optional="true"/>
        <override name="fromDate" optional="true"/>
    </service>
@@ -441,13 +441,13 @@ under the License.
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes mode="IN" entity-name="Content"
optional="true"/>
        <attribute name="textDataResourceId" type="String" mode="IN"
optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>

    <service name="createSimpleTextContentForAlternateLocale"
engine="simple"
        location="component://product/script/org/ofbiz/product/
product/ProductContentServices.xml"
        invoke="createSimpleTextContentForAlternateLocale">
<auto-attributes mode="IN" entity-name="Content" optional="true"/>
<attribute name="mainContentId" type="String" mode="IN"
optional="false"/> -        <attribute name="text" type="String"
mode="IN" optional="false" allow-html="safe"/> +        <attribute
name="text" type="String" mode="IN" optional="false"
        allow-html="any"/> <override name="localeString"
optional="false"/>
        <override name="contentId" mode="INOUT"/>
    </service>
@@ -967,7 +967,7 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes entity-name="Content" include="nonpk"
mode="IN" optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="any"/>
        <override name="contentId" optional="true"/>
        <override name="fromDate" optional="true"/>
    </service>
@@ -977,7 +977,7 @@ under the License.
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes entity-name="Content" include="nonpk"
mode="IN" optional="true"/>
        <attribute name="textDataResourceId" type="String" mode="IN"
optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>

    <service name="updateContentSEOForCategory" engine="simple"
@@ -1201,7 +1201,7 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="true"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes mode="IN" entity-name="Content"
optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="false" allow-html="any"/>
        <override name="contentId" optional="true"/>
    </service>
    <service name="updateSimpleTextContentForProductConfigItem"
default-entity-name="ProdConfItemContent" engine="simple"
@@ -1210,7 +1210,7 @@ under the License.
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <auto-attributes mode="IN" entity-name="Content"
optional="true"/>
        <attribute name="textDataResourceId" type="String" mode="IN"
optional="true"/>
-        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="text" type="String" mode="IN"
optional="true" allow-html="any"/>
    </service>
    <service name="getProductFeaturesByType" engine="java"
            location="org.ofbiz.product.feature.ProductFeatureServices"
invoke="getProductFeaturesByType">
Modified: ofbiz/trunk/applications/product/servicedef/services_
pricepromo.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
product/servicedef/services_pricepromo.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/servicedef/services_pricepromo.xml
(original) +++
ofbiz/trunk/applications/product/servicedef/services_pricepromo.xml
Mon Oct 28 12:12:43 2013 @@ -138,7 +138,7 @@ under the
            License. <exclude field-name="lastModifiedByUserLogin"/>
        </auto-attributes>
        <override name="promoName" optional="false"/>
-        <override name="promoText" allow-html="safe"/>
+        <override name="promoText" allow-html="any"/>
    </service>
    <service name="updateProductPromo" default-entity-name="ProductPromo"
engine="simple"
                location="component://product/
script/org/ofbiz/product/promo/PromoServices.xml"
invoke="updateProductPromo"
auth="true"> @@ -150,7 +150,7 @@ under the License.
            <exclude field-name="lastModifiedDate"/>
            <exclude field-name="lastModifiedByUserLogin"/>
        </auto-attributes>
-        <override name="promoText" allow-html="safe"/>
+        <override name="promoText" allow-html="any"/>
    </service>
    <service name="deleteProductPromo" default-entity-name="ProductPromo"
engine="simple"
                location="component://product/
script/org/ofbiz/product/promo/PromoServices.xml"
invoke="deleteProductPromo"
auth="true">

Modified: ofbiz/trunk/applications/workeffort/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/
workeffort/servicedef/services.xml?rev=1536324&r1=
1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/applications/workeffort/servicedef/services.xml
(original) +++
ofbiz/trunk/applications/workeffort/servicedef/services.xml Mon Oct
28 12:12:43 2013 @@ -35,8 +35,8 @@ under the License.
            <exclude field-name="lastModifiedDate"/>
            <exclude field-name="lastModifiedByUserLogin"/>
        </auto-attributes>
-        <override name="workEffortName" allow-html="safe"/>
-        <override name="description" allow-html="safe"/>
+        <override name="workEffortName" allow-html="any"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="createWorkEffort" default-entity-name="WorkEffort"
engine="simple"
        location="component://workeffort/script/org/ofbiz/
workeffort/workeffort/WorkEffortSimpleServices.xml"
invoke="createWorkEffort"> @@ -50,9 +50,9 @@ under the License.
        <attribute name="communicationEventId" type="String" mode="IN"
optional="true"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/><!-- for notification services -->
        <override name="workEffortTypeId" optional="false"/>
-        <override name="workEffortName" optional="false"
allow-html="safe"/>
+        <override name="workEffortName" optional="false"
allow-html="any"/>
        <override name="currentStatusId" optional="false"/>
-        <override name="description" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="createWorkEffortAndPartyAssign"
default-entity-name="WorkEffort" engine="simple"
        location="component://workeffort/script/org/ofbiz/
workeffort/workeffort/WorkEffortSimpleServices.xml"
invoke="createWorkEffortAndPartyAssign"> @@ -429,7 +429,7 @@ under
the License.
        <auto-attributes include="pk" mode="IN" optional="false"
entity-name="CustRequestWorkEffort"/>
        <auto-attributes include="all" mode="IN" optional="true"
entity-name="CustRequest"/>
        <override name="custRequestId" optional="true" mode="INOUT"/>
-        <override name="description" allow-html="safe"/>
+        <override name="description" allow-html="any"/>
    </service>
    <service name="deleteWorkEffortRequest" engine="simple"
        location="component://workeffort/script/org/ofbiz/
workeffort/workeffort/WorkEffortSimpleServices.xml"
invoke="deleteWorkEffortRequest" auth="true"> <description>Deletes a
CustRequestWorkEffort</description>
Modified: ofbiz/trunk/framework/common/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/
servicedef/services.xml?rev=1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/servicedef/services.xml (original) +++
ofbiz/trunk/framework/common/servicedef/services.xml Mon
Oct 28 12:12:43 2013 @@ -63,7 +63,7 @@ under the License.
        <description>Create a new note record</description>
        <attribute name="partyId" type="String" mode="INOUT"
optional="true"/>
        <attribute name="noteName" type="String" mode="IN"
optional="true"/>
-        <attribute name="note" type="String" mode="IN"
allow-html="safe"/>
+        <attribute name="note" type="String" mode="IN"
allow-html="any"/>
        <attribute name="noteId" type="String" mode="OUT"/>
    </service>

@@ -72,7 +72,7 @@ under the License.
        <description>Update a note record</description>
        <auto-attributes include="pk" mode="INOUT" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="noteInfo" allow-html="safe"/>
+        <override name="noteInfo" allow-html="any"/>
    </service>

    <service name="adjustDebugLevels" engine="java"
@@ -109,7 +109,7 @@ under the License.
        <auto-attributes include="pk" mode="OUT" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <override name="enumTypeId" optional="false"/>
-        <override name="description" optional="false"
allow-html="safe"/>
+        <override name="description" optional="false"
allow-html="any"/>
    </service>
    <service name="updateEnumeration" default-entity-name="Enumeration"
engine="simple"
        
location="component://common/script/org/ofbiz/common/EnumerationServices.xml"
invoke="updateEnumeration" auth="true">
@@ -118,7 +118,7 @@ under the License.
        <auto-attributes include="pk" mode="IN" optional="false"/>
        <auto-attributes include="nonpk" mode="IN" optional="true"/>
        <override name="enumTypeId" optional="false"/>
-        <override name="description" optional="false"
allow-html="safe"/>
+        <override name="description" optional="false"
allow-html="any"/>
    </service>
    <service name="deleteEnumeration" default-entity-name="Enumeration"
engine="entity-auto" invoke="delete" auth="true">
        <description>Delete a Enumeration</description>

Modified: ofbiz/trunk/framework/common/servicedef/services_email.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/
servicedef/services_email.xml?rev=1536324&r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/servicedef/services_email.xml
(original) +++
ofbiz/trunk/framework/common/servicedef/services_email.xml Mon Oct
28 12:12:43 2013 @@ -42,7 +42,7 @@ under the License.
        <attribute name="sendFailureNotification" mode="IN"
type="Boolean" optional="true"/>
        <attribute name="sendPartial" mode="IN" type="Boolean"
optional="true"/>
        <attribute name="startTLSEnabled" mode="IN" type="Boolean"
optional="true"/>
-        <attribute name="subject" type="String" mode="INOUT"
optional="true" allow-html="safe"/>
+        <attribute name="subject" type="String" mode="INOUT"
optional="true" allow-html="any"/>
        <attribute name="contentType" type="String" mode="INOUT"
optional="true"/>
        <attribute name="partyId" type="String" mode="INOUT"
optional="true"/>
        <attribute name="messageId" type="String" mode="INOUT"
optional="true"/>
@@ -56,7 +56,7 @@ under the License.
    <service name="sendMailOnePartInterface"  engine="interface"
location="" invoke="">
        <description>Interface service for sendMail*
services.</description>
        <implements service="sendMailInterface"/>
-        <attribute name="body" type="String" mode="INOUT"
optional="false" allow-html="safe"/>
+        <attribute name="body" type="String" mode="INOUT"
optional="false" allow-html="any"/>
        <override name="contentType" mode="INOUT"/>
        <override name="subject" mode="INOUT" optional="false"/>
        <override name="emailType" type="String" mode="INOUT"
optional="true"/>
@@ -98,12 +98,12 @@ under the License.
        <implements service="sendMailInterface"/>
        <attribute name="bodyUrl" type="String" mode="IN"
optional="false"/>
        <attribute name="bodyUrlParameters" type="Map" mode="IN"
optional="true"/>
-        <attribute name="body" type="String" mode="OUT"
optional="false" allow-html="safe"/>
+        <attribute name="body" type="String" mode="OUT"
optional="false" allow-html="any"/>
    </service>
    <service name="sendMailFromScreenInterface"  engine="interface"
location="" invoke="">
        <description>Interface service for E-Mail sent From Screen
Widget</description>
        <implements service="sendMailInterface"/>
-        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="bodyScreenUri" type="String" mode="IN"
optional="true"/>
        <attribute name="xslfoAttachScreenLocation" type="String"
mode="IN" optional="true"/>
        <attribute name="attachmentName" type="String" mode="IN"
optional="true"/>
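Review bot: allow-html on the mode="OUT" body attribute of the bodyUrl service has no effect, since the schema text in this same commit says the check applies only to incoming parameters, so that change is cosmetic and the attribute could simply be removed. The bodyText change on sendMailFromScreenInterface is the one that matters: it is an IN parameter that becomes mail content, and it now passes through with no check at all.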
@@ -132,7 +132,7 @@ under the License.
        <implements service="sendMailInterface"/>
        <attribute name="emailTemplateSettingId" type="String"
mode="IN" optional="false"/>
        <attribute name="partyIdTo" type="String" mode="IN"
optional="true"/>
-        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="bodyText" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="attachmentName" type="String" mode="IN"
optional="true"/>
        <attribute name="bodyParameters" type="Map" mode="IN"
optional="true"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/>
@@ -143,8 +143,8 @@ under the License.
            location="" invoke="">
        <description>Send Template Based Notification
Service</description>
        <implements service="sendMailInterface"/>
-        <attribute name="body" type="String" mode="INOUT"
optional="true" allow-html="safe"/>
-        <attribute name="baseUrl" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="body" type="String" mode="INOUT"
optional="true" allow-html="any"/>
+        <attribute name="baseUrl" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="templateName" type="String" mode="IN"
optional="false"/>
        <attribute name="templateData" type="Map" mode="IN"
optional="true"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/>
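Review bot: baseUrl should never need HTML; it is a URL that gets interpolated into templates, and a value containing markup is a sign of bad input, not a feature. Set it to "none" (or drop the attribute so the default applies) rather than "any"; only body has a case for accepting markup, and that case wants sanitising, not exemption.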
@@ -153,7 +153,7 @@ under the License.
            location="" invoke="">
        <description>Send Template Based Notification
Service</description>
        <implements service="prepareNotificationInterface"/>
-        <attribute name="body" type="String" mode="IN"
optional="true" allow-html="safe"/>
+        <attribute name="body" type="String" mode="IN"
optional="true" allow-html="any"/>
        <attribute name="templateName" type="String" mode="IN"
optional="false"/>
        <attribute name="templateData" type="Map" mode="IN"
optional="true"/>
        <attribute name="webSiteId" type="String" mode="IN"
optional="true"/>
Modified: ofbiz/trunk/framework/service/dtd/services.xsd
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/
dtd/services.xsd?rev=1536324&r1=1536323&r2=1536324&view=diff
============================================================
==================
--- ofbiz/trunk/framework/service/dtd/services.xsd (original)
+++ ofbiz/trunk/framework/service/dtd/services.xsd Mon Oct 28
12:12:43 2013
@@ -106,6 +106,7 @@ under the License.
                    If set to true and there is a transaction already
in place the Service Engine will suspend that transaction,
                    begin a new one just for this service, commit or
rollback the local transaction when the service is
                    complete, and will resume the original
transaction. If set to true and there is no transaction already in
place it will just begin a transaction and manage it as would be done
for a normal user-transaction=true. If
                use-transaction=false this setting is ignored. +
               Beware: using require-new-transaction=true
            in a service called (maybe not directly) by a pre-invoke
or earlier event ( preprocessor, firstvisit and so on) is
            not yet supported. </xs:documentation> </xs:annotation>
<xs:simpleType>
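Review bot: the added "Beware:" sentence about require-new-transaction=true is unrelated to the allow-html change and belongs in its own commit, so it can be reviewed and reverted independently. The wording is also vague: "not yet supported" should say what actually happens when the setting is used from a pre-invoke or earlier event (an error, the flag being ignored, or a broken transaction), since that is what a service author needs to know.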
@@ -348,11 +349,18 @@ under the License.
            </xs:simpleType>
        </xs:attribute>
        <xs:attribute name="allow-html" use="optional" default="none">
-            <xs:annotation><xs:documentation>See the documentation
on the allow-html attribute of the "attribute"
element.</xs:documentation></xs:annotation> +
<xs:annotation>
+                <xs:documentation>
+                    Applies only to String fields.
+                    Only checked for incoming parameters/attributes
(could change in the future, but this is meant for
validating input from users, other systems, etc). +
   Defaults to "none" meaning no HTML is allowed (will
result in an error message). +                    If some HTML is
desired then use "any".
+                    There was previously "safe" but it's deprecated
+                </xs:documentation>
+            </xs:annotation>
            <xs:simpleType>
                <xs:restriction base="xs:token">
                    <xs:enumeration value="any"/>
-                    <xs:enumeration value="safe"/>
                    <xs:enumeration value="none"/>
                </xs:restriction>
            </xs:simpleType>
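Review bot: the new documentation says "safe" is deprecated, but the enumeration in this hunk removes the value, so any service definition still declaring allow-html="safe" (custom components, hot-deploy code not touched by this commit) will fail schema validation rather than receive a deprecation warning. Either keep <xs:enumeration value="safe"/> alongside the deprecation note, or state plainly that the value has been removed. The sentence "There was previously "safe" but it's deprecated" also lacks a final period.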
@@ -424,13 +432,12 @@ under the License.
                Applies only to String fields.
                Only checked for incoming parameters/attributes (could
change in the future, but this is meant for validating
                input from users, other systems, etc). Defaults to
"none" meaning no HTML is allowed (will result in an error
message).
-                If some HTML is desired then use "safe" which will
follow the rules in the antisamy-esapi.xml file. This
should be safe for both internal and public users.
-                In rare cases when users are trusted or it is not a
sensitive field the "any" option may be used to not check
the HTML content at all. +                If some HTML is desired
then use "any".
+                There was previously "safe" but it's deprecated
            </xs:documentation></xs:annotation>
            <xs:simpleType>
                <xs:restriction base="xs:token">
                    <xs:enumeration value="any"/>
-                    <xs:enumeration value="safe"/>
                    <xs:enumeration value="none"/>
                </xs:restriction>
            </xs:simpleType>
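Review bot: the removed text carried the only guidance on when each level is appropriate: "safe" followed the antisamy-esapi.xml rules and was suitable for public users, while "any" was reserved for rare cases with trusted users or non-sensitive fields. The replacement drops that warning entirely and presents "any" as the normal way to accept markup. Keep the sentence that "any" performs no check on the content and should be limited to trusted input, otherwise the schema documentation now steers every reader toward the unchecked option.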
@@ -477,11 +484,18 @@ under the License.
            </xs:simpleType>
        </xs:attribute>
        <xs:attribute name="allow-html" use="optional">
-            <xs:annotation><xs:documentation>See the documentation
on the allow-html attribute of the "attribute" element.
Note that it is slightly different here as there is no
defualt.</xs:documentation></xs:annotation> +            <xs:annotation>
+                <xs:documentation>
+                    Applies only to String fields.
+                    Only checked for incoming parameters/attributes
(could change in the future, but this is meant for
validating input from users, other systems, etc). +
   There is no default, "none" means no HTML is allowed
(will result in an error message). +                    If some HTML
is desired then use "any".
+                    There was previously "safe" but it's deprecated
+                </xs:documentation>
+            </xs:annotation>
            <xs:simpleType>
                <xs:restriction base="xs:token">
                    <xs:enumeration value="any"/>
-                    <xs:enumeration value="safe"/>
                    <xs:enumeration value="none"/>
                </xs:restriction>
            </xs:simpleType>
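Review bot: the old annotation deliberately cross-referenced the allow-html documentation on the "attribute" element so there was one place to maintain; this hunk and the one at line 349 replace that with near-verbatim copies of the same paragraph, which will drift. Restore the one-line cross-reference (fixing the "defualt" typo the removed line had) and keep only the sentence about the missing default here.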

Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/
ModelService.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/
src/org/ofbiz/service/ModelService.java?rev=1536324&
r1=1536323&r2=1536324&view=diff
==============================================================================
---
ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
(original) +++
ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
Mon Oct 28 12:12:43 2013 @@ -575,18 +575,12 @@ public
        class ModelService extends Abstra // required and type
validation complete, do allow-html validation
        if ("IN".equals(mode)) {
            List<String> errorMessageList = FastList.newInstance();
-            for (ModelParam modelParam: this.contextInfo.values()) {
-                if (context.get(modelParam.name) != null &&
-                        ("String".equals(modelParam.type) ||
"java.lang.String".equals(modelParam.type)) &&
-                        !"any".equals(modelParam.allowHtml) &&
-                        ("INOUT".equals(modelParam.mode) ||
"IN".equals(modelParam.mode))) {
-                    // the param is a String, allow-html is none or
safe, and we are looking at an IN parameter during input
parameter validation +            for (ModelParam modelParam :
this.contextInfo.values()) {
+                // the param is a String, allow-html is not any, and
we are looking at an IN parameter during input parameter
validation +                if (context.get(modelParam.name) != null
&& ("String".equals(modelParam.type) ||
"java.lang.String".equals(modelParam.type)) +
&& !"any".equals(modelParam.allowHtml) &&
                    ("INOUT".equals(modelParam.mode) ||
"IN".equals(modelParam.mode))) { String value = (String)
context.get(modelParam.name);
-                    if ("none".equals(modelParam.allowHtml)) {
-                        
StringUtil.checkStringForHtmlStrictNone(modelParam.name,
value, errorMessageList);
-                    } else if ("safe".equals(modelParam.allowHtml))
{
-                        StringUtil.checkStringForHtmlSafeOnly(modelParam.name,
value, errorMessageList);
-                    }
+                    StringUtil.checkStringForHtmlStrictNone(modelParam.name,
value, errorMessageList);
                }
            }
            if (errorMessageList.size() > 0) {
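Review bot: the replacement loop body collapses the `none`/`safe` branch into an unconditional `StringUtil.checkStringForHtmlStrictNone(...)` for every String IN/INOUT parameter whose allow-html is `!"any"`, so the only way a service can accept HTML at all is `allow-html="any"`, which is exactly the case this block skips; there is no longer any path that inspects HTML and rejects only the unsafe part. If `checkStringForHtmlSafeOnly` is broken, the lower-risk interim change is to keep the `"safe".equals(modelParam.allowHtml)` branch and have it fall through to the strict check (or to a sanitizer that strips disallowed markup) while the definitions keep `safe`, rather than pushing definitions to `any` and thereby removing the check altogether. Separately, the comment above the `if` should state that `allow-html="safe"` is now treated identically to `none`, since that is what the code does and it is not obvious from the attribute documentation.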

Modified: ofbiz/trunk/specialpurpose/ebaystore/servicedef/services.
xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/
ebaystore/servicedef/services.xml?rev=1536324&r1=1536323&r2=
1536324&view=diff
==============================================================================
---
ofbiz/trunk/specialpurpose/ebaystore/servicedef/services.xml
(original) +++
ofbiz/trunk/specialpurpose/ebaystore/servicedef/services.xml Mon Oct
28 12:12:43 2013 @@ -491,7 +491,7 @@ under the License.
        <attribute name="itemId" mode="IN" type="String"
optional="false"/>
        <attribute name="listingType" mode="IN" type="String"
optional="true"/>
        <attribute name="title" mode="IN" type="String"
optional="true"/>
-        <attribute name="description" mode="IN" type="String"
allow-html="safe"/>
+        <attribute name="description" mode="IN" type="String"
allow-html="any"/>
        <attribute name="price" mode="IN" type="String"
optional="true"/>
        <attribute name="currencyId" mode="IN" type="String"
optional="true"/>
        <attribute mode="IN" name="imageData" optional="true"
type="java.nio.ByteBuffer"/>
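Review bot: switching the `description` attribute from `allow-html="safe"` to `allow-html="any"` removes all HTML validation from a user-supplied listing description, which is the kind of free-text field that most needs it; the `ModelService` change in this same revision skips the check entirely for `any`, so nothing downstream compensates. Prefer keeping `safe` (now checked strictly) and fixing the callers that break, or, if some HTML really is required for eBay listings, add a sanitizing step before the value is used and a comment here explaining why unrestricted HTML is acceptable for this attribute. Minor: this attribute also lacks the `optional` setting its neighbours carry, so it is worth stating explicitly whether `description` is required.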
