some of your remarks are now set to 'safe', thanks for reporting
regards, Hans On Mon, 2009-06-29 at 15:43 -0400, Harmeet Bedi wrote: > [Harmeet] > > There are a few places in ofbiz where allow-html="any" is specified. > > [David] > Do you have any specific instances of this you have noticed? > > doing search on allow-html="any" gave me the following services > > sendInvoicePerEmail > createEmailContent > updateEmailContent > persistDataResourceAndData > createCommunicationEventInterface > sendMail > sendMailFromUrl > sendMailFromScreen > prepareNotificationInterface > sendNotificationInterface > > Entire security is as good as weakest link in chain. so you may want to > remove them. > > Harmeet > -- Antwebsystems.com: Quality OFBiz services for competitive rates
