[
https://issues.apache.org/jira/browse/OFBIZ-4316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13053375#comment-13053375
]
BJ Freeman commented on OFBIZ-4316:
-----------------------------------
thanks for the clarification.
however for formus I run they are moderated.
so malicious html/js content is not possible.
I do understand that ofbiz must go for worst case.
> Widget $() escapes HTML. StringUtil.wrapString(contentText) throw an error
> --------------------------------------------------------------------------
>
> Key: OFBIZ-4316
> URL: https://issues.apache.org/jira/browse/OFBIZ-4316
> Project: OFBiz
> Issue Type: Bug
> Components: content, framework, specialpurpose/ecommerce
> Affects Versions: SVN trunk
> Reporter: BJ Freeman
> Labels: html, rendering, widget
> Fix For: SVN trunk
>
>
> from the ForumScreens.xml#ViewForumMessage
> {code}
> <container style="forumtext">
> <label>${contentText}</label>
> {code}
> show escaped html
> {code}
> * Data Source<br /> * Marketing Campaign<br /> * Tracking Affiliate
> programs<br /> * Segment<br /> * Contact List<br /> * Reports<br /> <a
> class="postlink"
> href="https://demo-trunk.ofbiz.apache.org/marketing/control/main"USERNAME=flexadmin&PASSWORD=ofbiz&JavaScriptEnabled=Y";>Demo
> Marketing</a>
> {code}
> replacing
> {code}<label>${contentText}</label>{code}
> with
> {code}${StringUtil.wrapString(contentText).toString()}{code}
> give this error
> 2011-06-15 18:16:43,200 (TP-Processor13) [ UtilXml.java:1043:ERROR]
> XmlFileLoader: File
> file:specialpurpose/ecommerce/widget/ForumScreens.xml
> process error. Line: 151. Error message: cvc-complex-type.2.3: Element
> 'condition' cannot have character [children], because the type's content
> type is element-only.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
