Posted to commits@ofbiz.apache.org by ha...@apache.org on 2009/05/12 05:20:31 UTC

svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml

Author: hansbak
Date: Tue May 12 03:20:28 2009
New Revision: 773772

URL: http://svn.apache.org/viewvc?rev=773772&view=rev
Log:
allow safe html in customer request name and item content

Modified:
    ofbiz/trunk/applications/order/servicedef/services_request.xml

Modified: ofbiz/trunk/applications/order/servicedef/services_request.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/servicedef/services_request.xml (original)
+++ ofbiz/trunk/applications/order/servicedef/services_request.xml Tue May 12 03:20:28 2009
@@ -42,6 +42,7 @@
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <attribute name="fromPartyId" type="String" mode="IN" optional="false"/>
         <auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>
+        <override name="custRequestName" allow-html="safe"/>
     </service>
     <service name="updateCustRequest" engine="simple" default-entity-name="CustRequest"
             location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="updateCustRequest" auth="true">
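Review bot: The added `<override name="custRequestName" allow-html="safe"/>` lets a short name field carry markup, and nothing beside it records why or what code that renders the value must do. A request name is likely to be shown in list rows, page titles, links, HTML attributes or plain-text mail, and markup that a sanitizer accepts for element content is not automatically safe in those contexts, so each rendering site still has to encode for its own context. I would document that next to the override, for example `<!-- custRequestName may contain sanitized markup; encode it for the output context wherever it is rendered -->`. The same override is added in the last hunk (`@@ -168,6 +171,7 @@`) and this note applies there as well. The enclosing `<service>` element opens above this hunk.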
@@ -73,12 +74,14 @@
         <auto-attributes include="pk" mode="INOUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="custRequestItemSeqId" optional="true"/>
+        <override name="story" allow-html="safe"/>
     </service>
     <service name="updateCustRequestItem" engine="simple" default-entity-name="CustRequestItem"
             location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="updateCustRequestItem" auth="true">
         <description>Update a CustRequestItem record</description>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
+        <override name="story" allow-html="safe"/>
     </service>
     <service name="copyCustRequestItem" default-entity-name="CustRequestItem" engine="simple"
                 location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="copyCustRequestItem" auth="true">
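Review bot: The `story` overrides cover the service that closes at the top of this hunk and `updateCustRequestItem`, but the service in the first hunk also takes CustRequestItem fields through `<auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>` and only receives the `custRequestName` override. If `story` is among those fields, as the entity name suggests, text accepted by the item services would still be checked under the presumably stricter default HTML policy when it is submitted together with the request. Adding `<override name="story" allow-html="safe"/>` there would keep validation of the same field consistent across entry points. `copyCustRequestItem` begins on the last lines of this hunk and continues outside it, so whether it needs the same override cannot be judged from here.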
@@ -168,6 +171,7 @@
         <attribute name="custRequestName" mode="IN" type="String" optional="true"/>
         <attribute name="custRequestId" mode="OUT" type="String" optional="false"/>
         <override name="content" allow-html="safe"/>
+        <override name="custRequestName" allow-html="safe"/>
     </service>
 
     <!-- custRequest content services -->



Re: svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml

Posted by Scott Gray <sc...@hotwaxmedia.com>.
Yeah thanks, it didn't take me long to realize that it was indeed a  
stupid question.

Your second point makes sense to me, but I don't really know enough to  
comment, I'm not even sure what elements are considered safe.

Thanks
Scott

On 12/05/2009, at 4:33 PM, Hans Bakker wrote:

> people would like to use the characters ">" and "<"
>
> is it perhaps a good idea to have all "description", "name" and  
> perhaps
> other fields by default set to "safe" ?
>
> Regards
> Hans
>
> On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote:
>> Hi Hans
>>
>> Sorry if this is a stupid question, I haven't really looked in to the
>> new html security stuff yet, but why would requestName contain html?
>>
>> Thanks
>> Scott
>>
>> On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:
>>
>>> Author: hansbak
>>> Date: Tue May 12 03:20:28 2009
>>> New Revision: 773772
>>>
>>> URL: http://svn.apache.org/viewvc?rev=773772&view=rev
>>> Log:
>>> allow safe html in customer request name and item content
>>>
>>> Modified:
>>>   ofbiz/trunk/applications/order/servicedef/services_request.xml
>>>
>>> Modified: ofbiz/trunk/applications/order/servicedef/
>>> services_request.xml
>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> = 
>>> = 
>>> ====================================================================
>>> --- ofbiz/trunk/applications/order/servicedef/services_request.xml
>>> (original)
>>> +++ ofbiz/trunk/applications/order/servicedef/services_request.xml
>>> Tue May 12 03:20:28 2009
>>> @@ -42,6 +42,7 @@
>>>        <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>>        <attribute name="fromPartyId" type="String" mode="IN"
>>> optional="false"/>
>>>        <auto-attributes include="all" mode="IN" entity-
>>> name="CustRequestItem" optional="true"/>
>>> +        <override name="custRequestName" allow-html="safe"/>
>>>    </service>
>>>    <service name="updateCustRequest" engine="simple" default-entity-
>>> name="CustRequest"
>>>            location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="updateCustRequest"
>>> auth="true">
>>> @@ -73,12 +74,14 @@
>>>        <auto-attributes include="pk" mode="INOUT" optional="false"/>
>>>        <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>>        <override name="custRequestItemSeqId" optional="true"/>
>>> +        <override name="story" allow-html="safe"/>
>>>    </service>
>>>    <service name="updateCustRequestItem" engine="simple" default-
>>> entity-name="CustRequestItem"
>>>            location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="updateCustRequestItem"
>>> auth="true">
>>>        <description>Update a CustRequestItem record</description>
>>>        <auto-attributes include="pk" mode="IN" optional="false"/>
>>>        <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>> +        <override name="story" allow-html="safe"/>
>>>    </service>
>>>    <service name="copyCustRequestItem" default-entity-
>>> name="CustRequestItem" engine="simple"
>>>                location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="copyCustRequestItem"
>>> auth="true">
>>> @@ -168,6 +171,7 @@
>>>        <attribute name="custRequestName" mode="IN" type="String"
>>> optional="true"/>
>>>        <attribute name="custRequestId" mode="OUT" type="String"
>>> optional="false"/>
>>>        <override name="content" allow-html="safe"/>
>>> +        <override name="custRequestName" allow-html="safe"/>
>>>    </service>
>>>
>>>    <!-- custRequest content services -->
>>>
>>>
>>
> -- 
> Antwebsystems.com: Quality OFBiz services for competitive rates
>


Re: svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml

Posted by Hans Bakker <ma...@antwebsystems.com>.
people would like to use the characters ">" and "<"

is it perhaps a good idea to have all "description", "name" and perhaps
other fields by default set to "safe" ?

Regards
Hans

On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote:
> Hi Hans
> 
> Sorry if this is a stupid question, I haven't really looked in to the  
> new html security stuff yet, but why would requestName contain html?
> 
> Thanks
> Scott
> 
> On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:
> 
> > Author: hansbak
> > Date: Tue May 12 03:20:28 2009
> > New Revision: 773772
> >
> > URL: http://svn.apache.org/viewvc?rev=773772&view=rev
> > Log:
> > allow safe html in customer request name and item content
> >
> > Modified:
> >    ofbiz/trunk/applications/order/servicedef/services_request.xml
> >
> > Modified: ofbiz/trunk/applications/order/servicedef/ 
> > services_request.xml
> > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
> > = 
> > = 
> > = 
> > = 
> > = 
> > = 
> > = 
> > = 
> > ======================================================================
> > --- ofbiz/trunk/applications/order/servicedef/services_request.xml  
> > (original)
> > +++ ofbiz/trunk/applications/order/servicedef/services_request.xml  
> > Tue May 12 03:20:28 2009
> > @@ -42,6 +42,7 @@
> >         <auto-attributes include="nonpk" mode="IN" optional="true"/>
> >         <attribute name="fromPartyId" type="String" mode="IN"  
> > optional="false"/>
> >         <auto-attributes include="all" mode="IN" entity- 
> > name="CustRequestItem" optional="true"/>
> > +        <override name="custRequestName" allow-html="safe"/>
> >     </service>
> >     <service name="updateCustRequest" engine="simple" default-entity- 
> > name="CustRequest"
> >             location="component://order/script/org/ofbiz/order/ 
> > request/CustRequestServices.xml" invoke="updateCustRequest"  
> > auth="true">
> > @@ -73,12 +74,14 @@
> >         <auto-attributes include="pk" mode="INOUT" optional="false"/>
> >         <auto-attributes include="nonpk" mode="IN" optional="true"/>
> >         <override name="custRequestItemSeqId" optional="true"/>
> > +        <override name="story" allow-html="safe"/>
> >     </service>
> >     <service name="updateCustRequestItem" engine="simple" default- 
> > entity-name="CustRequestItem"
> >             location="component://order/script/org/ofbiz/order/ 
> > request/CustRequestServices.xml" invoke="updateCustRequestItem"  
> > auth="true">
> >         <description>Update a CustRequestItem record</description>
> >         <auto-attributes include="pk" mode="IN" optional="false"/>
> >         <auto-attributes include="nonpk" mode="IN" optional="true"/>
> > +        <override name="story" allow-html="safe"/>
> >     </service>
> >     <service name="copyCustRequestItem" default-entity- 
> > name="CustRequestItem" engine="simple"
> >                 location="component://order/script/org/ofbiz/order/ 
> > request/CustRequestServices.xml" invoke="copyCustRequestItem"  
> > auth="true">
> > @@ -168,6 +171,7 @@
> >         <attribute name="custRequestName" mode="IN" type="String"  
> > optional="true"/>
> >         <attribute name="custRequestId" mode="OUT" type="String"  
> > optional="false"/>
> >         <override name="content" allow-html="safe"/>
> > +        <override name="custRequestName" allow-html="safe"/>
> >     </service>
> >
> >     <!-- custRequest content services -->
> >
> >
> 
-- 
Antwebsystems.com: Quality OFBiz services for competitive rates


Re: svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml

Posted by Scott Gray <sc...@hotwaxmedia.com>.
Hi Hans

Sorry if this is a stupid question, I haven't really looked into the
new html security stuff yet, but why would requestName contain html?

Thanks
Scott

On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:

> Author: hansbak
> Date: Tue May 12 03:20:28 2009
> New Revision: 773772
>
> URL: http://svn.apache.org/viewvc?rev=773772&view=rev
> Log:
> allow safe html in customer request name and item content
>
> Modified:
>    ofbiz/trunk/applications/order/servicedef/services_request.xml
>
> Modified: ofbiz/trunk/applications/order/servicedef/ 
> services_request.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- ofbiz/trunk/applications/order/servicedef/services_request.xml  
> (original)
> +++ ofbiz/trunk/applications/order/servicedef/services_request.xml  
> Tue May 12 03:20:28 2009
> @@ -42,6 +42,7 @@
>         <auto-attributes include="nonpk" mode="IN" optional="true"/>
>         <attribute name="fromPartyId" type="String" mode="IN"  
> optional="false"/>
>         <auto-attributes include="all" mode="IN" entity- 
> name="CustRequestItem" optional="true"/>
> +        <override name="custRequestName" allow-html="safe"/>
>     </service>
>     <service name="updateCustRequest" engine="simple" default-entity- 
> name="CustRequest"
>             location="component://order/script/org/ofbiz/order/ 
> request/CustRequestServices.xml" invoke="updateCustRequest"  
> auth="true">
> @@ -73,12 +74,14 @@
>         <auto-attributes include="pk" mode="INOUT" optional="false"/>
>         <auto-attributes include="nonpk" mode="IN" optional="true"/>
>         <override name="custRequestItemSeqId" optional="true"/>
> +        <override name="story" allow-html="safe"/>
>     </service>
>     <service name="updateCustRequestItem" engine="simple" default- 
> entity-name="CustRequestItem"
>             location="component://order/script/org/ofbiz/order/ 
> request/CustRequestServices.xml" invoke="updateCustRequestItem"  
> auth="true">
>         <description>Update a CustRequestItem record</description>
>         <auto-attributes include="pk" mode="IN" optional="false"/>
>         <auto-attributes include="nonpk" mode="IN" optional="true"/>
> +        <override name="story" allow-html="safe"/>
>     </service>
>     <service name="copyCustRequestItem" default-entity- 
> name="CustRequestItem" engine="simple"
>                 location="component://order/script/org/ofbiz/order/ 
> request/CustRequestServices.xml" invoke="copyCustRequestItem"  
> auth="true">
> @@ -168,6 +171,7 @@
>         <attribute name="custRequestName" mode="IN" type="String"  
> optional="true"/>
>         <attribute name="custRequestId" mode="OUT" type="String"  
> optional="false"/>
>         <override name="content" allow-html="safe"/>
> +        <override name="custRequestName" allow-html="safe"/>
>     </service>
>
>     <!-- custRequest content services -->
>
>