Hello Jacques, [email protected] writes:
> Author: jleroux > Date: Fri May 24 13:47:08 2019 > New Revision: 1859877 > > URL: http://svn.apache.org/viewvc?rev=1859877&view=rev > Log: > Fixed: Services allow arbitrary HTML for parameters with allow-html set to > "safe" > (OFBIZ-5254) > > This was reopened after discussion at > https://markmail.org/message/jnaitmwahjcjmdn5 > > This is a new solution which follows the work done with and OFBIZ-10187 > Roughly said, it uses org.owasp.html.PolicyFactory and > org.owasp.html.Sanitizers > > Thanks: Christoph Neuroth for report This commit breaks the “custrequesttests” test suite with a vanilla framework after ‘loadAll’. If the issue can not be solved tomorrow please revert. Thanks. -- Mathieu Lirzin GPG: F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37
