[
https://issues.apache.org/jira/browse/OFBIZ-7675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419218#comment-17419218
]
Jacques Le Roux edited comment on OFBIZ-7675 at 9/23/21, 1:38 PM:
------------------------------------------------------------------
After trying hard, I finally decided give up. There are too much issues, and
possibly more hidden. So I apply the famous adage: "If it's not broken don't
fix it".
If ever someone want to take over, I was able to upload the framework patch,
but not the plugins one. It's 22 MB but only 2,9 MB zipped. Anyway Jira always
says:
bq. File "OFBIZ-7675-plugins.patch.zip" was not uploaded An internal error has
occurred. Please contact your administrator.
We are supposed to be able to upload till -10MB- 60MB but this issue is not
new: HOP-2779
So I have uploaded it to my own site for now:
www.les7arts.com/OFBIZ-7675-plugins.patch.zip
I'll though create an Infra issue for that !
was (Author: jacques.le.roux):
After trying hard, I finally decided give up. There are too much issues, and
possibly more hidden. So I apply the famous adage: "If it's not broken don't
fix it".
If ever someone want to take over, I was able to upload the framework patch,
but not the plugins one. It's 22 MB but only 2,9 MB zipped. Anyway Jira always
says:
bq. File "OFBIZ-7675-plugins.patch.zip" was not uploaded An internal error has
occurred. Please contact your administrator.
We are supposed to be able to upload till -10MB- 60MB but this issue is not
new and Infra does not seem to be much concerned(?): HOP-2779
So I have uploaded it to my own site for now:
www.les7arts.com/OFBIZ-7675-plugins.patch.zip
I'll though create an Infra issue for that !
> Investigate if we should turn Freemarker autoescaping on
> --------------------------------------------------------
>
> Key: OFBIZ-7675
> URL: https://issues.apache.org/jira/browse/OFBIZ-7675
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: OFBIZ-7675-framework.patch, OFBIZ-7675-plugins.patch,
> OFBIZ-7675.patch
>
>
> At OFBIZ-7041 [[email protected]] suggested that we turn Freemarker autoescaping
> on. Quoting him there:
> {quote}
> This new version of FreeMarker includes auto-escaping and output formats. The
> <#escape> directive has been deprecated. Notice the comment at the very end
> of this page:
> "FreeMarker automatically escapes all values printed ... if it's properly
> configured (that's the responsibility of the programmers; [see here
> how|http://freemarker.org/docs/pgui_config_outputformatsautoesc.html])."
> Would be good to turn autoescaping on, and set the configuration to match
> .ftl as HTML and .fo.ftl as XML.
> {quote}
> [~pfm.smits] asked
> {quote}
> If we are going down that path I guess we have to visit a lot of Freemarker
> template files, right?
> {quote}
> Here is my answer
> {quote}
> We don' t use any <#escape> directives in all OFBiz. We have a couple of
> <#noescape> which should be replaced by <#noautoesc>. So I agree we could set
> the Freemarker environement to auto-escaping, and test if it has not
> unexpected side-effects.
> Could be that this will fix or complicate the issue I crossed (at bottom) of
> OFBIZ-7041 and more recently at OFBIZ-7343, let's see...
> {quote}
> Reply
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
