Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2015/10/13 02:49:38 UTC

Re: svn commit: r1708274 - in /ofbiz/trunk: ./ applications/content/config/ applications/content/src/org/ofbiz/content/content/ framework/base/lib/ specialpurpose/cmssite/data/

Damned again those unwanted changes in .classpath :/

Done by hand!

Jacques

On 13/10/2015 02:40, jleroux@apache.org wrote:
> Author: jleroux
> Date: Tue Oct 13 00:40:47 2015
> New Revision: 1708274
>
> URL: http://svn.apache.org/viewvc?rev=1708274&view=rev
> Log:
> Fix for ContentWorker at OFBIZ-6669. For that I have added owasp-java-html-sanitizer-r239.jar and put a "content.sanitize=true" property in content.properties with some explanations. The reason I put this property is because the sanitizer does some (safe) changes which might be unwanted in a context where you are "sure" no one can inject/exploit your DB, see the Jira issue for details. Note that this does not affect the *ContentWrapper.java classes where we use OWASP encoding and not sanitizer. The reason we need the sanitizer here is because we are not only handling content but also HTML code...
>
> Added:
>      ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar   (with props)
> Modified:
>      ofbiz/trunk/.classpath
>      ofbiz/trunk/LICENSE
>      ofbiz/trunk/applications/content/config/content.properties
>      ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
>      ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml
>
> Modified: ofbiz/trunk/.classpath
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/.classpath?rev=1708274&r1=1708273&r2=1708274&view=diff
> ==============================================================================
> --- ofbiz/trunk/.classpath (original)
> +++ ofbiz/trunk/.classpath Tue Oct 13 00:40:47 2015
> @@ -1,201 +1,202 @@
>   <?xml version="1.0" encoding="UTF-8"?>
>   <classpath>
> -	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
> -	<classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/pdfbox-1.8.5.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/jempbox-1.8.5.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/fontbox-1.8.5.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/poi-3.10.1-20140818.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/tika-core-1.7.jar"/>
> -	<classpathentry kind="lib" path="applications/content/lib/tika-parsers-1.7.jar"/>
> -	<classpathentry kind="lib" path="applications/product/lib/dozer-4.2.1.jar"/>
> -	<classpathentry kind="lib" path="applications/product/lib/watermarker-0.0.4.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant-junit.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant-launcher.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/avalon-framework-4.2.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/barcode4j-2.1-barcode4j-fop-ext-complete.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/batik-all-1.8.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/clhm-release-1.0-lru.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/esapi-2.1.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/fop-2.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/freemarker-2.3.22.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/hamcrest-all-1.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/httpunit-1.7.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ical4j-1.0-rc2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/icu4j-52_1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ivy-2.2.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jackson-annotations-2.4.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jackson-core-2.4.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jackson-databind-2.4.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/javolution-5.4.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jdbm-1.0-SNAPSHOT.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jdom-1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/jpim-0.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/juel-impl-2.2.7.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/juel-spi-2.2.7.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/junit-dep-4.10.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/log4j-api-2.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/mail-1.5.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/nekohtml-1.9.16.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/resolver-2.9.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/serializer-2.9.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/shiro-core-1.2.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/slf4j-api-1.6.4.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ws-commons-java5-1.0.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ws-commons-util-1.0.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xercesImpl-2.9.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xmlgraphics-commons-2.0.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xmlrpc-client-3.1.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xmlrpc-common-3.1.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xmlrpc-server-3.1.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xml-apis-2.9.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xml-apis-ext-1.3.04.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/zxing-core-3.2.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/ant/ant-1.9.0-ant-apache-bsf.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-beanutils-core-1.8.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-codec-1.10.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-collections-3.2.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-compress-1.9.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-csv-1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-el-1.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-fileupload-1.3.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-io-2.4.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-lang-2.6.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-logging-1.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-net-3.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-pool2-2.3.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/commons/commons-validator-1.4.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-activation_1.0.2_spec-1.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-j2ee-connector_1.5_spec-2.0.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jaxrpc_1.1_spec-1.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jaxr_1.0_spec-1.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jms_1.1_spec-1.1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jta_1.1_spec-1.1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-saaj_1.3_spec-1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/annotations-api-3.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/el-api-2.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/jsp-api-2.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/j2eespecs/servlet-api-3.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/antlr-2.7.6.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/asm-3.2.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/bsf-2.4.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/bsh-2.0b4.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/groovy-all-2.2.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/jakarta-oro-2.0.8.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/scripting/jython-nooro.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/ecj-4.4.2.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina-ha.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina-tribes.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-jasper.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-api.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-coyote.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-util.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli.jar"/>
> -	<classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli-adapters.jar"/>
> -	<classpathentry kind="lib" path="framework/entity/lib/commons-dbcp2-2.1.jar"/>
> -	<classpathentry kind="lib" path="framework/geronimo/lib/geronimo-transaction-3.1.1.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/axiom-api-1.2.9.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/axiom-impl-1.2.9.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/axis2-kernel-1.5.2.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/axis2-transport-http-1.5.2.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/axis2-transport-local-1.5.2.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/commons-httpclient-3.1.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/neethi-2.0.4.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/wsdl4j-1.6.2.jar"/>
> -	<classpathentry kind="lib" path="framework/service/lib/XmlSchema-1.4.3.jar"/>
> -	<classpathentry kind="lib" path="framework/testtools/lib/org.springframework.core-3.1.0.M2.jar"/>
> -	<classpathentry kind="lib" path="framework/testtools/lib/org.springframework.test-3.1.0.M2.jar"/>
> -	<classpathentry kind="lib" path="framework/webapp/lib/ezmorph-0.9.1.jar"/>
> -	<classpathentry kind="lib" path="framework/webapp/lib/iText-2.1.7.jar"/>
> -	<classpathentry kind="lib" path="framework/webapp/lib/rome-0.9.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/axis-1.4.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/axis-ant-1.4.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/commons-discovery-0.5.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.birt.runtime_4.3.1.v20130918-1142.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.core.runtime_3.9.0.v20130326-1255.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.equinox.common_3.6.200.v20130402-1505.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.equinox.registry_3.5.301.v20130717-1549.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.osgi_3.9.1.v20130814-1242.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/birt/lib/viewservlets.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/ebaystore/lib/attributes.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/ebaystore/lib/ebaycalls.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/ebaystore/lib/ebaysdkcore.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/ebaystore/lib/helper.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/googlecheckout/lib/checkout-sdk-0.8.8.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/ldap/lib/cas-server-core-3.3.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/pos/lib/jcl.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/pos/lib/jpos18-controls.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/pos/lib/looks-2.0.2.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/pos/lib/XuiCoreSwing-v3.2rc2b.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/pos/lib/XuiOptional-v3.2rc2b.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/guava-14.0.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/joda-time-2.2.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/spatial4j-0.4.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/zookeeper-3.4.6.jar"/>
> -	<classpathentry excluding="org/ofbiz/accounting/thirdparty/cybersource/**|org/ofbiz/accounting/thirdparty/verisign/**|org/ofbiz/accounting/thirdparty/paypal/PayPalServices.java|org/ofbiz/accounting/thirdparty/orbital/**|org/ofbiz/accounting/thirdparty/securepay/**|org/ofbiz/accounting/thirdparty/ideal/**" kind="src" path="applications/accounting/src"/>
> -	<classpathentry excluding="org/ofbiz/content/openoffice/|org/ofbiz/content/report/" kind="src" path="applications/content/src"/>
> -	<classpathentry kind="src" path="applications/manufacturing/src"/>
> -	<classpathentry kind="src" path="applications/marketing/src"/>
> -	<classpathentry excluding="org/ofbiz/order/thirdparty/taxware/**" kind="src" path="applications/order/src"/>
> -	<classpathentry kind="src" path="applications/party/src"/>
> -	<classpathentry excluding="ShipmentScaleApplet.java" kind="src" path="applications/product/src"/>
> -	<classpathentry excluding="org/ofbiz/securityext/thirdparty/truition/TruitionCoReg.java" kind="src" path="applications/securityext/src"/>
> -	<classpathentry kind="src" path="applications/humanres/src"/>
> -	<classpathentry kind="src" path="applications/workeffort/src"/>
> -	<classpathentry kind="src" path="framework/base/config"/>
> -	<classpathentry excluding="org/ofbiz/base/config/CoberturaInstrumenter.java" kind="src" path="framework/base/src"/>
> -	<classpathentry kind="src" path="framework/catalina/src"/>
> -	<classpathentry kind="src" path="framework/common/src"/>
> -	<classpathentry kind="src" path="framework/datafile/src"/>
> -	<classpathentry kind="src" path="framework/entity/src"/>
> -	<classpathentry kind="src" path="framework/entityext/src"/>
> -	<classpathentry kind="src" path="framework/geronimo/src"/>
> -	<classpathentry kind="src" path="framework/minilang/src"/>
> -	<classpathentry kind="src" path="framework/security/src"/>
> -	<classpathentry kind="src" path="framework/service/src"/>
> -	<classpathentry kind="src" path="framework/start/src"/>
> -	<classpathentry kind="src" path="framework/testtools/src"/>
> -	<classpathentry excluding="org/ofbiz/webapp/view/JasperReportsPdfViewHandler.java|org/ofbiz/webapp/view/JasperReportsXmlViewHandler.java|org/ofbiz/webapp/view/JasperReportsJXlsViewHandler.java|org/ofbiz/webapp/view/JasperReportsPoiXlsViewHandler.java" kind="src" path="framework/webapp/src"/>
> -	<classpathentry kind="src" path="framework/webtools/src"/>
> -	<classpathentry kind="src" path="framework/widget/src"/>
> -	<classpathentry kind="src" path="specialpurpose/assetmaint/src"/>
> -	<classpathentry kind="src" path="specialpurpose/birt/src"/>
> -	<classpathentry kind="src" path="specialpurpose/ebay/src"/>
> -	<classpathentry kind="src" path="specialpurpose/ebaystore/src"/>
> -	<classpathentry kind="src" path="specialpurpose/ecommerce/src"/>
> -	<classpathentry kind="src" path="specialpurpose/example/src"/>
> -	<classpathentry kind="src" path="specialpurpose/googlebase/src"/>
> -	<classpathentry kind="src" path="specialpurpose/googlecheckout/src"/>
> -	<classpathentry kind="src" path="specialpurpose/hhfacility/src"/>
> -	<classpathentry kind="src" path="specialpurpose/ldap/src"/>
> -	<classpathentry kind="src" path="specialpurpose/lucene/src"/>
> -	<classpathentry kind="src" path="specialpurpose/oagis/src"/>
> -	<classpathentry kind="src" path="specialpurpose/pos/src"/>
> -	<classpathentry kind="src" path="specialpurpose/projectmgr/src"/>
> -	<classpathentry kind="src" path="specialpurpose/scrum/src"/>
> -	<classpathentry kind="src" path="specialpurpose/solr/src"/>
> -	<classpathentry kind="src" path="specialpurpose/webpos/src"/>
> -	<classpathentry kind="src" path="specialpurpose/passport/src"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/compile/solr-core-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/compile/solr-solrj-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-analyzers-common-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-core-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-queryparser-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-codecs-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-highlighter-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-join-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-queries-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-spatial-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-suggest-5.3.1.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/noggit-0.6.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/org.restlet-2.3.0.jar"/>
> -	<classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/org.restlet.ext.servlet-2.3.0.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/httpclient-4.4.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/httpclient-cache-4.4.1.jar"/>
> -	<classpathentry kind="lib" path="framework/base/lib/httpcore-4.4.1.jar"/>
> -	<classpathentry kind="output" path="bin"/>
> +    <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
> +    <classpathentry kind="lib" path="applications/content/lib/dom4j-1.6.1.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/pdfbox-1.8.5.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/jempbox-1.8.5.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/fontbox-1.8.5.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/poi-3.10.1-20140818.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/tika-core-1.7.jar"/>
> +    <classpathentry kind="lib" path="applications/content/lib/tika-parsers-1.7.jar"/>
> +    <classpathentry kind="lib" path="applications/product/lib/dozer-4.2.1.jar"/>
> +    <classpathentry kind="lib" path="applications/product/lib/watermarker-0.0.4.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant-junit.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant-launcher.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/avalon-framework-4.2.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/barcode4j-2.1-barcode4j-fop-ext-complete.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/batik-all-1.8.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/clhm-release-1.0-lru.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/esapi-2.1.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/owasp-java-html-sanitizer-r239.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/fop-2.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/freemarker-2.3.22.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/hamcrest-all-1.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/httpunit-1.7.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ical4j-1.0-rc2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/icu4j-52_1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ivy-2.2.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jackson-annotations-2.4.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jackson-core-2.4.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jackson-databind-2.4.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/javolution-5.4.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jdbm-1.0-SNAPSHOT.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jdom-1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/jpim-0.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/juel-impl-2.2.7.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/juel-spi-2.2.7.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/junit-dep-4.10.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/log4j-api-2.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/mail-1.5.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/nekohtml-1.9.16.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/resolver-2.9.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/serializer-2.9.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/shiro-core-1.2.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/slf4j-api-1.6.4.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ws-commons-java5-1.0.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ws-commons-util-1.0.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xercesImpl-2.9.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xmlgraphics-commons-2.0.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xmlrpc-client-3.1.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xmlrpc-common-3.1.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xmlrpc-server-3.1.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xml-apis-2.9.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xml-apis-ext-1.3.04.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/zxing-core-3.2.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/ant/ant-1.9.0-ant-apache-bsf.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-beanutils-core-1.8.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-codec-1.10.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-collections-3.2.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-compress-1.9.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-csv-1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-el-1.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-fileupload-1.3.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-io-2.4.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-lang-2.6.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-logging-1.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-net-3.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-pool2-2.3.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/commons/commons-validator-1.4.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-activation_1.0.2_spec-1.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-j2ee-connector_1.5_spec-2.0.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jaxrpc_1.1_spec-1.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jaxr_1.0_spec-1.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jms_1.1_spec-1.1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-jta_1.1_spec-1.1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/geronimo-saaj_1.3_spec-1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/annotations-api-3.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/el-api-2.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/jsp-api-2.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/j2eespecs/servlet-api-3.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/antlr-2.7.6.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/asm-3.2.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/bsf-2.4.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/bsh-2.0b4.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/groovy-all-2.2.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/jakarta-oro-2.0.8.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/scripting/jython-nooro.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/ecj-4.4.2.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina-ha.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-catalina-tribes.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-jasper.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-api.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-coyote.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.64-tomcat-util.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli.jar"/>
> +    <classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli-adapters.jar"/>
> +    <classpathentry kind="lib" path="framework/entity/lib/commons-dbcp2-2.1.jar"/>
> +    <classpathentry kind="lib" path="framework/geronimo/lib/geronimo-transaction-3.1.1.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/axiom-api-1.2.9.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/axiom-impl-1.2.9.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/axis2-kernel-1.5.2.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/axis2-transport-http-1.5.2.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/axis2-transport-local-1.5.2.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/commons-httpclient-3.1.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/neethi-2.0.4.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/wsdl4j-1.6.2.jar"/>
> +    <classpathentry kind="lib" path="framework/service/lib/XmlSchema-1.4.3.jar"/>
> +    <classpathentry kind="lib" path="framework/testtools/lib/org.springframework.core-3.1.0.M2.jar"/>
> +    <classpathentry kind="lib" path="framework/testtools/lib/org.springframework.test-3.1.0.M2.jar"/>
> +    <classpathentry kind="lib" path="framework/webapp/lib/ezmorph-0.9.1.jar"/>
> +    <classpathentry kind="lib" path="framework/webapp/lib/iText-2.1.7.jar"/>
> +    <classpathentry kind="lib" path="framework/webapp/lib/rome-0.9.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/axis-1.4.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/axis-ant-1.4.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/commons-discovery-0.5.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.birt.runtime_4.3.1.v20130918-1142.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.core.runtime_3.9.0.v20130326-1255.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.equinox.common_3.6.200.v20130402-1505.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.equinox.registry_3.5.301.v20130717-1549.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/org.eclipse.osgi_3.9.1.v20130814-1242.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/birt/lib/viewservlets.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/ebaystore/lib/attributes.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/ebaystore/lib/ebaycalls.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/ebaystore/lib/ebaysdkcore.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/ebaystore/lib/helper.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/googlecheckout/lib/checkout-sdk-0.8.8.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/ldap/lib/cas-server-core-3.3.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/pos/lib/jcl.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/pos/lib/jpos18-controls.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/pos/lib/looks-2.0.2.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/pos/lib/XuiCoreSwing-v3.2rc2b.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/pos/lib/XuiOptional-v3.2rc2b.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/guava-14.0.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/joda-time-2.2.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/spatial4j-0.4.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/zookeeper-3.4.6.jar"/>
> +    <classpathentry excluding="org/ofbiz/accounting/thirdparty/cybersource/**|org/ofbiz/accounting/thirdparty/verisign/**|org/ofbiz/accounting/thirdparty/paypal/PayPalServices.java|org/ofbiz/accounting/thirdparty/orbital/**|org/ofbiz/accounting/thirdparty/securepay/**|org/ofbiz/accounting/thirdparty/ideal/**" kind="src" path="applications/accounting/src"/>
> +    <classpathentry excluding="org/ofbiz/content/openoffice/|org/ofbiz/content/report/" kind="src" path="applications/content/src"/>
> +    <classpathentry kind="src" path="applications/manufacturing/src"/>
> +    <classpathentry kind="src" path="applications/marketing/src"/>
> +    <classpathentry excluding="org/ofbiz/order/thirdparty/taxware/**" kind="src" path="applications/order/src"/>
> +    <classpathentry kind="src" path="applications/party/src"/>
> +    <classpathentry excluding="ShipmentScaleApplet.java" kind="src" path="applications/product/src"/>
> +    <classpathentry excluding="org/ofbiz/securityext/thirdparty/truition/TruitionCoReg.java" kind="src" path="applications/securityext/src"/>
> +    <classpathentry kind="src" path="applications/humanres/src"/>
> +    <classpathentry kind="src" path="applications/workeffort/src"/>
> +    <classpathentry kind="src" path="framework/base/config"/>
> +    <classpathentry excluding="org/ofbiz/base/config/CoberturaInstrumenter.java" kind="src" path="framework/base/src"/>
> +    <classpathentry kind="src" path="framework/catalina/src"/>
> +    <classpathentry kind="src" path="framework/common/src"/>
> +    <classpathentry kind="src" path="framework/datafile/src"/>
> +    <classpathentry kind="src" path="framework/entity/src"/>
> +    <classpathentry kind="src" path="framework/entityext/src"/>
> +    <classpathentry kind="src" path="framework/geronimo/src"/>
> +    <classpathentry kind="src" path="framework/minilang/src"/>
> +    <classpathentry kind="src" path="framework/security/src"/>
> +    <classpathentry kind="src" path="framework/service/src"/>
> +    <classpathentry kind="src" path="framework/start/src"/>
> +    <classpathentry kind="src" path="framework/testtools/src"/>
> +    <classpathentry excluding="org/ofbiz/webapp/view/JasperReportsPdfViewHandler.java|org/ofbiz/webapp/view/JasperReportsXmlViewHandler.java|org/ofbiz/webapp/view/JasperReportsJXlsViewHandler.java|org/ofbiz/webapp/view/JasperReportsPoiXlsViewHandler.java" kind="src" path="framework/webapp/src"/>
> +    <classpathentry kind="src" path="framework/webtools/src"/>
> +    <classpathentry kind="src" path="framework/widget/src"/>
> +    <classpathentry kind="src" path="specialpurpose/assetmaint/src"/>
> +    <classpathentry kind="src" path="specialpurpose/birt/src"/>
> +    <classpathentry kind="src" path="specialpurpose/ebay/src"/>
> +    <classpathentry kind="src" path="specialpurpose/ebaystore/src"/>
> +    <classpathentry kind="src" path="specialpurpose/ecommerce/src"/>
> +    <classpathentry kind="src" path="specialpurpose/example/src"/>
> +    <classpathentry kind="src" path="specialpurpose/googlebase/src"/>
> +    <classpathentry kind="src" path="specialpurpose/googlecheckout/src"/>
> +    <classpathentry kind="src" path="specialpurpose/hhfacility/src"/>
> +    <classpathentry kind="src" path="specialpurpose/ldap/src"/>
> +    <classpathentry kind="src" path="specialpurpose/lucene/src"/>
> +    <classpathentry kind="src" path="specialpurpose/oagis/src"/>
> +    <classpathentry kind="src" path="specialpurpose/pos/src"/>
> +    <classpathentry kind="src" path="specialpurpose/projectmgr/src"/>
> +    <classpathentry kind="src" path="specialpurpose/scrum/src"/>
> +    <classpathentry kind="src" path="specialpurpose/solr/src"/>
> +    <classpathentry kind="src" path="specialpurpose/webpos/src"/>
> +    <classpathentry kind="src" path="specialpurpose/passport/src"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/compile/solr-core-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/compile/solr-solrj-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-analyzers-common-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-core-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/lucene/lib/lucene-queryparser-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-codecs-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-highlighter-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-join-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-queries-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-spatial-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/lucene-suggest-5.3.1.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/noggit-0.6.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/org.restlet-2.3.0.jar"/>
> +    <classpathentry kind="lib" path="specialpurpose/solr/lib/runtime/org.restlet.ext.servlet-2.3.0.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/httpclient-4.4.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/httpclient-cache-4.4.1.jar"/>
> +    <classpathentry kind="lib" path="framework/base/lib/httpcore-4.4.1.jar"/>
> +    <classpathentry kind="output" path="bin"/>
>   </classpath>
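Review bot: every entry in this .classpath hunk is marked as added, including the solr, lucene and httpclient entries that have nothing to do with the sanitizer, so the one classpath change this commit needs cannot be picked out in review. This looks like whitespace or line-ending churn; regenerate the diff so that only the new `classpathentry` line differs, which also keeps later merges and `svn blame` usable.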
>
> Modified: ofbiz/trunk/LICENSE
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1708274&r1=1708273&r2=1708274&view=diff
> ==============================================================================
> --- ofbiz/trunk/LICENSE (original)
> +++ ofbiz/trunk/LICENSE Tue Oct 13 00:40:47 2015
> @@ -69,6 +69,7 @@ framework/base/lib/j2eespecs/annotations
>   framework/base/lib/j2eespecs/el-api-2.2.jar
>   framework/base/lib/j2eespecs/jsp-api-2.2.jar
>   framework/base/lib/j2eespecs/servlet-api-3.0.jar
> +framework/base/lib/owasp-java-html-sanitizer-r239.jar
>   framework/base/lib/scripting/bsf-2.4.0.jar
>   framework/base/lib/scripting/jakarta-oro-2.0.8.jar
>   framework/base/lib/scripting/groovy-all-2.2.1.jar
>
> Modified: ofbiz/trunk/applications/content/config/content.properties
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/config/content.properties?rev=1708274&r1=1708273&r2=1708274&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/content/config/content.properties (original)
> +++ ofbiz/trunk/applications/content/config/content.properties Tue Oct 13 00:40:47 2015
> @@ -35,3 +35,7 @@ content.upload.always.local.file=true
>   
>   # content output folder (relative to ofbiz.home)
>   content.output.path=runtime/output
> +
> +#Should we sanitize generic content by default (specific contents - order, party, category, product, configured product, product promo and work effort - are always encoded)
> +# This has a slightly impact on the code rendered, see . True By default!
> +content.sanitize=true
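Review bot: the comment above `content.sanitize` ends in "see . True By default!", so the reference that should explain the rendering impact is missing, and nothing tells an operator what setting the value to false exposes. Put the issue reference or URL after "see", and state that false returns rendered generic content without HTML sanitization, so it is only appropriate where every content author is trusted.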
>
> Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java?rev=1708274&r1=1708273&r2=1708274&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java (original)
> +++ ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java Tue Oct 13 00:40:47 2015
> @@ -52,6 +52,7 @@ import org.ofbiz.entity.condition.Entity
>   import org.ofbiz.entity.condition.EntityOperator;
>   import org.ofbiz.entity.util.EntityQuery;
>   import org.ofbiz.entity.util.EntityUtil;
> +import org.ofbiz.entity.util.EntityUtilProperties;
>   import org.ofbiz.minilang.MiniLangException;
>   import org.ofbiz.minilang.SimpleMapProcessor;
>   import org.ofbiz.service.DispatchContext;
> @@ -59,6 +60,8 @@ import org.ofbiz.service.GenericServiceE
>   import org.ofbiz.service.LocalDispatcher;
>   import org.ofbiz.service.ModelService;
>   import org.ofbiz.service.ServiceUtil;
> +import org.owasp.html.PolicyFactory;
> +import org.owasp.html.Sanitizers;
>   import org.xml.sax.InputSource;
>   import org.xml.sax.SAXException;
>   
> @@ -333,7 +336,23 @@ public class ContentWorker implements or
>               Locale locale, String mimeTypeId, boolean cache) throws GeneralException, IOException {
>           Writer writer = new StringWriter();
>           renderContentAsText(dispatcher, delegator, contentId, writer, templateContext, locale, mimeTypeId, null, null, cache);
> -        return writer.toString();
> +        String rendered = writer.toString();
> +        // According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
> +        // Normally head should be protected by X-XSS-Protection Response Header by default
> +        if (EntityUtilProperties.propertyValueEqualsIgnoreCase("content.properties", "content.sanitize", "true", delegator)
> +                && (rendered.contains("<script>")
> +                || rendered.contains("<!--")
> +                || rendered.contains("<div")
> +                || rendered.contains("<style>")
> +                || rendered.contains("<span")
> +                || rendered.contains("<input")
> +                || rendered.contains("<input")
> +                || rendered.contains("<iframe")
> +                || rendered.contains("<a"))) {
> +            PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.IMAGES).and(Sanitizers.LINKS).and(Sanitizers.STYLES);
> +            rendered = sanitizer.sanitize(rendered);
> +        }
> +        return rendered;
>       }
>   
>       public static String renderContentAsText(LocalDispatcher dispatcher, Delegator delegator, String contentId, Appendable out,
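Review bot: the `rendered.contains(...)` gate in front of `sanitizer.sanitize(rendered)` decides whether markup gets cleaned by case-sensitive substring matching against a fixed tag list, so anything the list does not spell exactly (an uppercase tag, `<script` or `<style` followed by an attribute, or an element that is not listed, such as `<img`) is returned unsanitized. Call the sanitizer whenever `content.sanitize` is true and drop the pre-check, which also removes the duplicated `rendered.contains("<input")` line. Two smaller points: the property test only passes when the value equals "true", so an absent or misspelled property silently turns sanitization off and the default should fail closed; and the `PolicyFactory` can be built once as a `private static final` field instead of on every call.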
>
> Added: ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar?rev=1708274&view=auto
> ==============================================================================
> Binary file - no diff available.
>
> Propchange: ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar
> ------------------------------------------------------------------------------
>      svn:mime-type = application/octet-stream
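Review bot: owasp-java-html-sanitizer-r239.jar is committed as an opaque binary, and nothing in the visible change records where it was obtained or a checksum to verify it against. Add the download location and a SHA-256 of the jar to the commit log or next to the LICENSE entry so the artifact can be re-verified later.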
>
> Modified: ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml?rev=1708274&r1=1708273&r2=1708274&view=diff
> ==============================================================================
> --- ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml (original)
> +++ ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml Tue Oct 13 00:40:47 2015
> @@ -78,7 +78,7 @@ under the License.
>                 <p>
>                 This is a site to demonstrate the CMS capabilities of OFBiz. Its basic function is the editing of website text
>                 inside a browser. If you want to edit the text you are reading now, logon to the backend system, select the content component
> -              click on 'cmssite' in the website list and ten click on the 'cms' button. There you see on the left hand side the tree of this website.
> +              click on 'cmssite' in the website list and then click on the 'cms' button. There you see on the left hand side the tree of this website.
>                 If you click on 'homepage' then you can edit the content of this page at the box in the r
>                 </p>
>                 <p>
>
>
>
>