Was suggesting remove allow-html="any" from service, not service itself.
----- Original Message ----- From: "Harmeet Bedi" <[email protected]> To: [email protected] Sent: Monday, June 29, 2009 3:43:01 PM GMT -05:00 US/Canada Eastern Subject: Re: proposal related to allow-html defaults [Harmeet] > There are a few places in ofbiz where allow-html="any" is specified. [David] Do you have any specific instances of this you have noticed? doing search on allow-html="any" gave me the following services sendInvoicePerEmail createEmailContent updateEmailContent persistDataResourceAndData createCommunicationEventInterface sendMail sendMailFromUrl sendMailFromScreen prepareNotificationInterface sendNotificationInterface Entire security is as good as weakest link in chain. so you may want to remove them. Harmeet
