[ 
https://issues.apache.org/jira/browse/OFBIZ-9373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019244#comment-16019244
 ] 

Jacques Le Roux commented on OFBIZ-9373:
----------------------------------------

Hi Yao,

Yes, it's a known problem related to 
http://svn.apache.org/viewvc?view=revision&revision=1759065

Recently in the context of [Flexible 
Report|https://blogs.apache.org/ofbiz/entry/the-birt-flexible-reports-a] I used 
the [OWASP Java HTML Sanitizer 
Project|https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project] to 
create and use a specific BIRT_FLEXIBLE_REPORT_POLICY used by 
encoder.sanitize() (HtmlEncoder type) in ContentWorker.renderContentAsText(). 
This allows for more flexibility than "any" or "none" when sanitizing or 
checking HTML code. We could use the PERMISSIVE_POLICY for the removed "safe" 
case or even allow using a policy name as the allow-html value. As soon as I 
get a chance I'll have a look at this idea.

In the meantime if you believe you are safe to use "any" just do that.



> create new blog article entry error.
> ------------------------------------
>
>                 Key: OFBIZ-9373
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9373
>             Project: OFBiz
>          Issue Type: Bug
>          Components: content
>    Affects Versions: Trunk
>            Reporter: yao
>
> 1. When I try to create a new blog article, I get the following error message:
>               In field [articleData] less-than (<) and greater-than (>) 
> symbols are not allowed.
> It seems that this field does not support HTML text!
> 2. After I use plain text for the field [articleData], when I post the form, I 
> get the following error message:
>                 The following required parameter is missing: [IN] 
> [createElectronicText.dataResourceId]]
> and I go through the code that handles the request and the log record, to 
> find that the following ECA does not execute, which causes the error:
>              
> <!-- electronic text; needs dataResourceId -->
>     <eca service="createElectronicText" event="invoke">
>         <condition field-name="dataResourceId" operator="is-empty"/>
>         <set field-name="dataResourceTypeId" value="ELECTRONIC_TEXT"/>
>         <action service="createDataResource" mode="sync" result-to-context="true"/>
>     </eca>
> Does the problem lie in the framework code?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
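
The idea in the comment above (a named sanitizer policy as the allow-html value, instead of only "any" or "none"), sketched as an added example that is not OFBiz code or part of the original message. The class name, the registry and the "blog-article" policy name are hypothetical; only the OWASP Java HTML Sanitizer calls are real, and the library must be on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class AllowHtmlPolicies {
    // Hypothetical registry: allow-html value -> sanitizer policy (names are assumptions).
    static final Map<String, PolicyFactory> POLICIES = Map.of(
        "none", new HtmlPolicyBuilder().toFactory(), // empty policy: every element is discarded
        "blog-article", Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS));

    /** Returns validation errors; an empty list means the value passes the named policy. */
    static List<String> check(String field, String value, String allowHtml) {
        List<String> errors = new ArrayList<>();
        if ("any".equals(allowHtml)) {
            return errors; // caller explicitly opted out of checking
        }
        PolicyFactory policy = POLICIES.get(allowHtml);
        if (policy == null) { // fail closed on an unknown policy name
            errors.add("Unknown allow-html policy [" + allowHtml + "] for field [" + field + "]");
            return errors;
        }
        // Validate rather than rewrite: the sanitized output is ignored, and anything
        // the policy would have stripped is reported through the change listener.
        policy.sanitize(value, new HtmlChangeListener<List<String>>() {
            @Override public void discardedTag(List<String> ctx, String elementName) {
                ctx.add("In field [" + field + "] element <" + elementName + "> is not allowed");
            }
            @Override public void discardedAttributes(List<String> ctx, String tagName, String... attrs) {
                ctx.add("In field [" + field + "] attributes " + String.join(",", attrs)
                        + " on <" + tagName + "> are not allowed");
            }
        }, errors);
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample values for the articleData field from the report.
        String risky = "<p>Hello <b>world</b></p><script>alert(1)</script>";
        System.out.println(check("articleData", risky, "blog-article"));
        System.out.println(check("articleData", "<p>Hello</p>", "blog-article"));
        System.out.println(check("articleData", "<p>Hello</p>", "none"));
        System.out.println(check("articleData", "<p>Hello</p>", "no-such-policy"));
    }
}
```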
