Yeah thanks, it didn't take me long to realize that it was indeed a stupid question.

Your second point makes sense to me, but I don't really know enough to comment, I'm not even sure what elements are considered safe.

Thanks
Scott

On 12/05/2009, at 4:33 PM, Hans Bakker wrote:

people would like to use the characters ">" and "<"

is it perhaps a good idea to have all "description", "name" and perhaps
other fields by default set to "safe" ?

Regards
Hans

On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote:
Hi Hans

Sorry if this is a stupid question, I haven't really looked in to the
new html security stuff yet, but why would requestName contain html?

Thanks
Scott

On 12/05/2009, at 3:20 PM, [email protected] wrote:

Author: hansbak
Date: Tue May 12 03:20:28 2009
New Revision: 773772

URL: http://svn.apache.org/viewvc?rev=773772&view=rev
Log:
allow safe html in customer request name and item content

Modified:
  ofbiz/trunk/applications/order/servicedef/services_request.xml

Modified: ofbiz/trunk/applications/order/servicedef/
services_request.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
=
=
=
=
=
=
=
=
= = ====================================================================
--- ofbiz/trunk/applications/order/servicedef/services_request.xml
(original)
+++ ofbiz/trunk/applications/order/servicedef/services_request.xml
Tue May 12 03:20:28 2009
@@ -42,6 +42,7 @@
       <auto-attributes include="nonpk" mode="IN" optional="true"/>
       <attribute name="fromPartyId" type="String" mode="IN"
optional="false"/>
       <auto-attributes include="all" mode="IN" entity-
name="CustRequestItem" optional="true"/>
+        <override name="custRequestName" allow-html="safe"/>
   </service>
   <service name="updateCustRequest" engine="simple" default-entity-
name="CustRequest"
           location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="updateCustRequest"
auth="true">
@@ -73,12 +74,14 @@
       <auto-attributes include="pk" mode="INOUT" optional="false"/>
       <auto-attributes include="nonpk" mode="IN" optional="true"/>
       <override name="custRequestItemSeqId" optional="true"/>
+        <override name="story" allow-html="safe"/>
   </service>
   <service name="updateCustRequestItem" engine="simple" default-
entity-name="CustRequestItem"
           location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="updateCustRequestItem"
auth="true">
       <description>Update a CustRequestItem record</description>
       <auto-attributes include="pk" mode="IN" optional="false"/>
       <auto-attributes include="nonpk" mode="IN" optional="true"/>
+        <override name="story" allow-html="safe"/>
   </service>
   <service name="copyCustRequestItem" default-entity-
name="CustRequestItem" engine="simple"
               location="component://order/script/org/ofbiz/order/
request/CustRequestServices.xml" invoke="copyCustRequestItem"
auth="true">
@@ -168,6 +171,7 @@
       <attribute name="custRequestName" mode="IN" type="String"
optional="true"/>
       <attribute name="custRequestId" mode="OUT" type="String"
optional="false"/>
       <override name="content" allow-html="safe"/>
+        <override name="custRequestName" allow-html="safe"/>
   </service>

   <!-- custRequest content services -->



--
Antwebsystems.com: Quality OFBiz services for competitive rates


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to