[OFBIZ-2645] allow-html in service validation is too restrictive - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: Trunk
Fix Version/s: Trunk
Component/s: framework
Labels:
None

Description

Service 'IN' parameters are validated. Default is allow-html='none'
This filters out all the html chars. e.g one cannot set this text "Tom's age is likely > Paul's age"
'>' is not allowed

Rederers already escape html, so it may be best to keep validation alllow-html='any'. If service has a need to constrain, service should specify allow-html explicitly.

Attaching patch. Please let me if this does not make sense.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

allow-html.diff
22/Jun/09 02:45
4 kB
Harmeet Bedi

Activity

People

Assignee:: Unassigned

Reporter:: Harmeet Bedi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Jun/09 02:43

Updated:: 16/Nov/13 15:18

Resolved:: 16/Nov/13 15:18