You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2010/06/04 22:44:53 UTC

[jira] Commented: (OFBIZ-2645) allow-html in service validation is too restrictive

    [ https://issues.apache.org/jira/browse/OFBIZ-2645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12875742#action_12875742 ] 

Jacques Le Roux commented on OFBIZ-2645:
----------------------------------------

Should we not close this issue?

> allow-html in service validation is too restrictive
> ---------------------------------------------------
>
>                 Key: OFBIZ-2645
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2645
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Harmeet Bedi
>             Fix For: SVN trunk
>
>         Attachments: allow-html.diff
>
>
> Service 'IN' parameters are validated. Default is allow-html='none'
> This filters out all the html chars. e.g one cannot set this text "Tom's age is likely > Paul's age"
> '>' is not allowed
> Rederers already escape html, so it may be best to keep validation alllow-html='any'. If service has a need to constrain, service should specify allow-html explicitly.
> Attaching patch. Please let me if this does not make sense.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.