You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Harmeet Bedi <ha...@gmail.com> on 2009/06/21 09:53:19 UTC

restrictions on html use seem restrictive

To me it appears that default restrictions for html are very restrictive.

We recently updated our ofbiz versions and getting some messages
In field [XXX] less-than (<) and greater-than (>) symbols are not allowed

I wonder if this is a mistake.. It not only prevents html but it also prevents simple text like 'Mr X would buy if price < $2'

XSD has
        <xs:attribute name="allow-html" use="optional" default="none">
            <xs:annotation><xs:documentation>See the documentation on the allow-html attribute of the "attribute" element.</xs:documentation></xs:annotation>
            <xs:simpleType>
                <xs:restriction base="xs:token">
                    <xs:enumeration value="any"/>
                    <xs:enumeration value="safe"/>
                    <xs:enumeration value="none"/>
                </xs:restriction>
            </xs:simpleType>
        </xs:attribute>


Wondering if it is best to have allow-html = 'any'. If someone wants to create a user interface with view/edit of html content for comments the platform should not prevent.

thoughts ?
Harmeet