  1. OFBiz
  2. OFBIZ-2645

allow-html in service validation is too restrictive

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: Trunk
    • Fix Version/s: Trunk
    • Component/s: framework
    • Labels:
      None

      Description

      Service 'IN' parameters are validated. Default is allow-html='none'.
      This filters out all the html chars, e.g. one cannot set this text: "Tom's age is likely > Paul's age"
      '>' is not allowed

      Renderers already escape html, so it may be best to keep validation allow-html='any'. If a service has a need to constrain, the service should specify allow-html explicitly.

      Attaching patch. Please let me know if this does not make sense.

            People

            • Assignee:
              Unassigned
              Reporter:
              harmeet Harmeet Bedi
