Hi Ruth,

I believe this is the standard OFBiz validation of incoming parameters to a
service.  It appears this is used when the incoming parameter has been
marked to allow only "safe" HTML.  The implementation makes use of the
DefaultValidator below and can be configured by changing an XML file.
Here is the comment in the code:

Based on the ESAPI validator configured in the antisamy-esapi.xml file.

So from this I would gauge that you had put something in your screen and
then clicked to post that information to the server.  One of the fields from
your form post contains some characters that the validator deemed to not be
"safe".  This type of stuff is usually to guard against SQL injection and
such ... My guess is that you pasted some HTML into a textarea and tried to
do a save?


Ruth Hoffman-2 wrote:
> 
> version 803418 (9.04)
> Where is this log messaging coming from? What framework or other 
> component is generating it? And under what types of conditions?
> 
> Aug 13, 2009 7:56:49 PM AppNameNotSpecified IntrusionDetector
> WARNING: SECURITY-FAILURE anonym...@unknown:unknown -- Invalid HTML 
> input: context=body, errors=[The table tag has been filtered for 
> security reasons. The contents of the tag will remain in place., The 
> tr tag has been filtered for security reasons. The contents of 
> the tag will remain in place., The th tag has been filtered for 
> security reasons. The contents of the tag will remain in place., The 
> tr... *[THIS PART REMOVED]* ...contents of the tag will remain in 
> place., The td tag has been filtered for security reasons. The 
> contents of the tag will remain in place.]
>     ValidationException @ 
> org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(null:-1)
> 
> Thanks
> Ruth
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Could-someone-explain-this-to-me--tp24964555p24965032.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
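
Added example (not part of the original messages, and not OFBiz or ESAPI code): a small Python triage helper that parses IntrusionDetector records in the format quoted above, including line-wrapped and ">"-quoted copies, and reports which tags were filtered per field context. The function name `parse_records`, the `LAYOUT_TAGS` heuristic and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above (user, contexts and tags are made up).
SAMPLE_LOG = """\
> Aug 13, 2009 7:56:49 PM AppNameNotSpecified IntrusionDetector
> WARNING: SECURITY-FAILURE guest@unknown:unknown -- Invalid HTML
> input: context=body, errors=[The table tag has been filtered for
> security reasons. The contents of the tag will remain in place., The
> tr tag has been filtered for security reasons. The contents of the
> tag will remain in place., The tr tag has been filtered for security
> reasons. The contents of the tag will remain in place.]
>     ValidationException @
> org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(null:-1)
Aug 13, 2009 8:02:10 PM AppNameNotSpecified IntrusionDetector
WARNING: SECURITY-FAILURE guest@unknown:unknown -- Invalid HTML input: context=description, errors=[The form tag has been filtered for security reasons. The contents of the tag will remain in place.]
"""

RECORD = re.compile(
    r"(?P<ts>\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \S+ IntrusionDetector "
    r"WARNING: SECURITY-FAILURE (?P<user>\S+) -- Invalid HTML input: "
    r"context=(?P<context>[^,]+), errors=\[(?P<errors>.*?)\]"
)
TAG = re.compile(r"The (\w+) tag has been filtered for security reasons")
# Assumption: table markup alone usually means pasted rich text, not an attack.
LAYOUT_TAGS = {"table", "thead", "tbody", "tr", "th", "td"}

def parse_records(text):
    """Return one dict per 'Invalid HTML input' record found in text."""
    text = re.sub(r"(?m)^>[ \t]?", "", text)   # drop mail-quote prefixes
    flat = " ".join(text.split())              # undo line wrapping
    records = []
    for m in RECORD.finditer(flat):
        tags = Counter(TAG.findall(m["errors"]))
        records.append({
            "timestamp": m["ts"],
            "user": m["user"],
            "context": m["context"],           # the form field that failed
            "tags": tags,                      # filtered tag -> occurrences
            "layout_only": bool(tags) and set(tags) <= LAYOUT_TAGS,
        })
    return records

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_LOG):
        kind = "layout markup only" if rec["layout_only"] else "review input"
        print(rec["timestamp"], rec["context"], dict(rec["tags"]), kind)
```
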
