Posted to user@ofbiz.apache.org by ian tabangay <it...@gmail.com> on 2008/09/25 09:23:01 UTC

Inputing HTML specific characters

Hi. What would be the best way to handle inputs that are non-alphanumeric?
HTML-specific characters can render a form useless or, worse, inject scripts
into the page. I've made an example on the https://demo.hotwaxmedia.com site. Go to
https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
Notice the description of this facility. Also, try to add the same facility
as its parent facility. Notice that nothing happens when you click the
facilityId 10000 on the Lookup screen.

~ Ian
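
The failure described in the post above, as an added example that is not part of the original thread and is not OFBiz code: a stored name such as "Toby's Sports Shop" is written into a lookup link raw, and then with encoding for each context it passes through. It assumes, which the thread does not confirm, that the lookup link places the value inside a single-quoted JavaScript string in an inline onclick handler; setValue and every function name here are hypothetical.

```javascript
// Added example; setValue and all function names are hypothetical, not OFBiz's.
const SAMPLE_NAME = "Toby's Sports Shop"; // facility name quoted in the thread

// HTML context (element text, quoted attribute values).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string-literal context: anything but letters, digits, space -> \uXXXX.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Raw concatenation: the apostrophe in the name ends the JS string early.
function lookupLinkNaive(id, name) {
  return '<a href="#" onclick="setValue(\'' + id + "', '" + name + '\')">' + name + '</a>';
}

// Encode for the innermost context first (JS string), then the outer one (HTML attribute).
function lookupLinkEncoded(id, name) {
  const handler = "setValue('" + escapeJsString(id) + "', '" + escapeJsString(name) + "')";
  return '<a href="#" onclick="' + escapeHtml(handler) + '">' + escapeHtml(name) + '</a>';
}

// Stand-in for the browser: read the onclick value, undo the HTML encoding, then
// compile and run it with a stub setValue. Returns the arguments, or null on error.
function runHandler(link) {
  const attr = /onclick="([^"]*)"/.exec(link)[1];
  const names = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
  const js = attr.replace(/&(amp|lt|gt|quot|#39);/g, (m, e) => names[e]);
  try {
    let seen = null;
    new Function('setValue', js)((id, name) => { seen = [id, name]; });
    return seen;
  } catch (err) {
    return null; // syntax error: the click does nothing
  }
}

console.log(runHandler(lookupLinkNaive('10000', SAMPLE_NAME)));   // null
console.log(runHandler(lookupLinkEncoded('10000', SAMPLE_NAME))); // id and name intact
```

The same value needs a different encoding in each place it is written: HTML encoding alone would still leave the apostrophe live inside the handler once the browser decodes the attribute.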

Re: Inputing HTML specific characters

Posted by Jacques Le Roux <ja...@les7arts.com>.
OK I see now (I directly entered the Id and did not use the Lookup). Could you please open a Jira issue?
http://docs.ofbiz.org/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Thanks

Jacques


From: "ian tabangay" <it...@gmail.com>
> No, that's not my point. Sorry for the bad example. But if you'll find other
> Lookups for Facility and try to select "Toby's Sports Shop", you'll notice
> that the Lookup doesn't work. The field parent facility id is just an example
> to pop out the Lookup Form for the Facility.
> 
> ~ Ian
> 
> On Thu, Sep 25, 2008 at 6:01 PM, Jacques Le Roux <
> jacques.le.roux@les7arts.com> wrote:
> 
>> I suppose it's "Toby's Sports Shop". Who will want to make this recursive?
>> Do you suggest that we prevent this?
>>
>> Jacques
>>
>> From: "ian tabangay" <it...@gmail.com>
>>
>>> Hi. What would be the best way to handle inputs that are non-alphanumeric?
>>> HTML-specific characters can render a form useless or, worse, inject scripts
>>> into the page. I've made an example on the https://demo.hotwaxmedia.com site.
>>> Go to
>>> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
>>> Notice the description of this facility. Also, try to add the same facility
>>> as its parent facility. Notice that nothing happens when you click the
>>> facilityId 10000 on the Lookup screen.
>>>
>>> ~ Ian
>>>
>>>
>

Re: Inputing HTML specific characters

Posted by ian tabangay <it...@gmail.com>.
No, that's not my point. Sorry for the bad example. But if you'll find other
Lookups for Facility and try to select "Toby's Sports Shop", you'll notice
that the Lookup doesn't work. The field parent facility id is just an example
to pop out the Lookup Form for the Facility.

~ Ian

On Thu, Sep 25, 2008 at 6:01 PM, Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:

> I suppose it's "Toby's Sports Shop". Who will want to make this recursive?
> Do you suggest that we prevent this?
>
> Jacques
>
> From: "ian tabangay" <it...@gmail.com>
>
>> Hi. What would be the best way to handle inputs that are non-alphanumeric?
>> HTML-specific characters can render a form useless or, worse, inject scripts
>> into the page. I've made an example on the https://demo.hotwaxmedia.com site.
>> Go to
>> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
>> Notice the description of this facility. Also, try to add the same facility
>> as its parent facility. Notice that nothing happens when you click the
>> facilityId 10000 on the Lookup screen.
>>
>> ~ Ian
>>
>>

Re: Inputing HTML specific characters

Posted by Jacques Le Roux <ja...@les7arts.com>.
I suppose it's "Toby's Sports Shop". Who will want to make this recursive? Do you suggest that we prevent this?

Jacques

From: "ian tabangay" <it...@gmail.com>
> Hi. What would be the best way to handle inputs that are non-alphanumeric?
> HTML-specific characters can render a form useless or, worse, inject scripts
> into the page. I've made an example on the https://demo.hotwaxmedia.com site. Go to
> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
> Notice the description of this facility. Also, try to add the same facility
> as its parent facility. Notice that nothing happens when you click the
> facilityId 10000 on the Lookup screen.
> 
> ~ Ian
>