OFBiz
  1. OFBiz
  2. OFBIZ-2645

allow-html in service validation is too restrictive

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: Trunk
    • Fix Version/s: Trunk
    • Component/s: framework
    • Labels:
      None

      Description

      Service 'IN' parameters are validated. Default is allow-html='none'
      This filters out all the html chars. e.g one cannot set this text "Tom's age is likely > Paul's age"
      '>' is not allowed

      Rederers already escape html, so it may be best to keep validation alllow-html='any'. If service has a need to constrain, service should specify allow-html explicitly.

      Attaching patch. Please let me if this does not make sense.

      1. allow-html.diff
        4 kB
        Harmeet Bedi

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Harmeet Bedi
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development