You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by ja...@apache.org on 2019/06/04 13:21:54 UTC

svn commit: r1860613 - /ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml

Author: jacopoc
Date: Tue Jun  4 13:21:54 2019
New Revision: 1860613

URL: http://svn.apache.org/viewvc?rev=1860613&view=rev
Log:
Fixed: fine tuned the sanitization of user input by allowing "safe" content; 
thanks to Jacques for the suggestion.

Modified:
    ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml

Modified: ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml?rev=1860613&r1=1860612&r2=1860613&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml Tue Jun  4 13:21:54 2019
@@ -777,6 +777,10 @@ under the License.
         <attribute name="returnId" type="String" mode="IN" optional="true"/>
         <attribute name="custRequestId" type="String" mode="IN" optional="true"/>
         <attribute name="action" type="String" mode="IN" optional="true"/><!-- to indicate any special action like: REPLY, REPLYALL, FORWARD or empty for no special action-->
+        <override name="headerString" allow-html="safe"/>
+        <override name="content" allow-html="safe"/>
+        <override name="messageId" allow-html="safe"/>
+        <override name="subject" allow-html="safe"/>
     </service>
     <service name="createCommunicationEvent" engine="simple"
             location="component://party/minilang/communication/CommunicationEventServices.xml" invoke="createCommunicationEventWithPermission" auth="true">