Posted to commits@ofbiz.apache.org by ha...@apache.org on 2009/05/12 05:20:31 UTC
svn commit: r773772 -
/ofbiz/trunk/applications/order/servicedef/services_request.xml
Author: hansbak
Date: Tue May 12 03:20:28 2009
New Revision: 773772
URL: http://svn.apache.org/viewvc?rev=773772&view=rev
Log:
allow safe html in customer request name and item content
Modified:
ofbiz/trunk/applications/order/servicedef/services_request.xml
Modified: ofbiz/trunk/applications/order/servicedef/services_request.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/servicedef/services_request.xml (original)
+++ ofbiz/trunk/applications/order/servicedef/services_request.xml Tue May 12 03:20:28 2009
@@ -42,6 +42,7 @@
<auto-attributes include="nonpk" mode="IN" optional="true"/>
<attribute name="fromPartyId" type="String" mode="IN" optional="false"/>
<auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>
+ <override name="custRequestName" allow-html="safe"/>
</service>
<service name="updateCustRequest" engine="simple" default-entity-name="CustRequest"
location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="updateCustRequest" auth="true">
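Review bot: `allow-html="safe"` on `custRequestName` governs only what the service accepts as input, and nothing in the definition records that this short label may now carry markup when it is rendered; the same holds for the `custRequestName` override in the last hunk and the `story` overrides in the second. I would put a comment above the override, `<!-- custRequestName may hold sanitized HTML: every screen, email and export must still encode it for its output context -->`. `updateCustRequest`, whose opening tag ends this hunk, is not changed by the commit, so unless it already carries this override a name accepted by this service could be rejected on update (inferred, its body is outside the diff). The opening tag of the service being edited is also outside the hunk.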
@@ -73,12 +74,14 @@
<auto-attributes include="pk" mode="INOUT" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
<override name="custRequestItemSeqId" optional="true"/>
+ <override name="story" allow-html="safe"/>
</service>
<service name="updateCustRequestItem" engine="simple" default-entity-name="CustRequestItem"
location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="updateCustRequestItem" auth="true">
<description>Update a CustRequestItem record</description>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
+ <override name="story" allow-html="safe"/>
</service>
<service name="copyCustRequestItem" default-entity-name="CustRequestItem" engine="simple"
location="component://order/script/org/ofbiz/order/request/CustRequestServices.xml" invoke="copyCustRequestItem" auth="true">
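Review bot: The `story` override is added to both item services here, but the service in the first hunk also takes every CustRequestItem attribute as IN through `<auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>` and gets no matching override. A story passed through that service would presumably still be held to the default HTML check, so the same text could be accepted by one entry point and rejected by another. If that service is meant to carry item text, add `<override name="story" allow-html="safe"/>` next to its `custRequestName` override; if not, a comment there saying so would prevent the question. The first service in this hunk opens outside the hunk.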
@@ -168,6 +171,7 @@
<attribute name="custRequestName" mode="IN" type="String" optional="true"/>
<attribute name="custRequestId" mode="OUT" type="String" optional="false"/>
<override name="content" allow-html="safe"/>
+ <override name="custRequestName" allow-html="safe"/>
</service>
<!-- custRequest content services -->
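Review bot: `custRequestName` is declared as an explicit `<attribute>` three lines above this override in the same service, so the override restates an attribute the service defines itself. Setting the flag on the declaration keeps the rule in one place: `<attribute name="custRequestName" mode="IN" type="String" optional="true" allow-html="safe"/>`. The existing `content` override suggests the override form is this file's habit, so this is a style point only. The service's opening tag is outside the hunk.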
Re: svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml
Posted by Scott Gray <sc...@hotwaxmedia.com>.
Yeah thanks, it didn't take me long to realize that it was indeed a
stupid question.
Your second point makes sense to me, but I don't really know enough to
comment, I'm not even sure what elements are considered safe.
Thanks
Scott
On 12/05/2009, at 4:33 PM, Hans Bakker wrote:
> people would like to use the characters ">" and "<"
>
> is it perhaps a good idea to have all "description", "name" and
> perhaps
> other fields by default set to "safe" ?
>
> Regards
> Hans
>
> On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote:
>> Hi Hans
>>
>> Sorry if this is a stupid question, I haven't really looked in to the
>> new html security stuff yet, but why would requestName contain html?
>>
>> Thanks
>> Scott
>>
>> On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:
>>
>>> Author: hansbak
>>> Date: Tue May 12 03:20:28 2009
>>> New Revision: 773772
>>>
>>> URL: http://svn.apache.org/viewvc?rev=773772&view=rev
>>> Log:
>>> allow safe html in customer request name and item content
>>>
>>> Modified:
>>> ofbiz/trunk/applications/order/servicedef/services_request.xml
>>>
>>> Modified: ofbiz/trunk/applications/order/servicedef/
>>> services_request.xml
>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>> --- ofbiz/trunk/applications/order/servicedef/services_request.xml
>>> (original)
>>> +++ ofbiz/trunk/applications/order/servicedef/services_request.xml
>>> Tue May 12 03:20:28 2009
>>> @@ -42,6 +42,7 @@
>>> <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>> <attribute name="fromPartyId" type="String" mode="IN"
>>> optional="false"/>
>>> <auto-attributes include="all" mode="IN" entity-
>>> name="CustRequestItem" optional="true"/>
>>> + <override name="custRequestName" allow-html="safe"/>
>>> </service>
>>> <service name="updateCustRequest" engine="simple" default-entity-
>>> name="CustRequest"
>>> location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="updateCustRequest"
>>> auth="true">
>>> @@ -73,12 +74,14 @@
>>> <auto-attributes include="pk" mode="INOUT" optional="false"/>
>>> <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>> <override name="custRequestItemSeqId" optional="true"/>
>>> + <override name="story" allow-html="safe"/>
>>> </service>
>>> <service name="updateCustRequestItem" engine="simple" default-
>>> entity-name="CustRequestItem"
>>> location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="updateCustRequestItem"
>>> auth="true">
>>> <description>Update a CustRequestItem record</description>
>>> <auto-attributes include="pk" mode="IN" optional="false"/>
>>> <auto-attributes include="nonpk" mode="IN" optional="true"/>
>>> + <override name="story" allow-html="safe"/>
>>> </service>
>>> <service name="copyCustRequestItem" default-entity-
>>> name="CustRequestItem" engine="simple"
>>> location="component://order/script/org/ofbiz/order/
>>> request/CustRequestServices.xml" invoke="copyCustRequestItem"
>>> auth="true">
>>> @@ -168,6 +171,7 @@
>>> <attribute name="custRequestName" mode="IN" type="String"
>>> optional="true"/>
>>> <attribute name="custRequestId" mode="OUT" type="String"
>>> optional="false"/>
>>> <override name="content" allow-html="safe"/>
>>> + <override name="custRequestName" allow-html="safe"/>
>>> </service>
>>>
>>> <!-- custRequest content services -->
>>>
>>>
>>
> --
> Antwebsystems.com: Quality OFBiz services for competitive rates
>
Re: svn commit: r773772 -
/ofbiz/trunk/applications/order/servicedef/services_request.xml
Posted by Hans Bakker <ma...@antwebsystems.com>.
People would like to use the characters ">" and "<".
Is it perhaps a good idea to have all "description", "name" and perhaps
other fields set to "safe" by default?
Regards
Hans
On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote:
> Hi Hans
>
> Sorry if this is a stupid question, I haven't really looked in to the
> new html security stuff yet, but why would requestName contain html?
>
> Thanks
> Scott
>
> On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:
>
> > Author: hansbak
> > Date: Tue May 12 03:20:28 2009
> > New Revision: 773772
> >
> > URL: http://svn.apache.org/viewvc?rev=773772&view=rev
> > Log:
> > allow safe html in customer request name and item content
> >
> > Modified:
> > ofbiz/trunk/applications/order/servicedef/services_request.xml
> >
> > Modified: ofbiz/trunk/applications/order/servicedef/
> > services_request.xml
> > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
> > =
> > =
> > =
> > =
> > =
> > =
> > =
> > =
> > ======================================================================
> > --- ofbiz/trunk/applications/order/servicedef/services_request.xml
> > (original)
> > +++ ofbiz/trunk/applications/order/servicedef/services_request.xml
> > Tue May 12 03:20:28 2009
> > @@ -42,6 +42,7 @@
> > <auto-attributes include="nonpk" mode="IN" optional="true"/>
> > <attribute name="fromPartyId" type="String" mode="IN"
> > optional="false"/>
> > <auto-attributes include="all" mode="IN" entity-
> > name="CustRequestItem" optional="true"/>
> > + <override name="custRequestName" allow-html="safe"/>
> > </service>
> > <service name="updateCustRequest" engine="simple" default-entity-
> > name="CustRequest"
> > location="component://order/script/org/ofbiz/order/
> > request/CustRequestServices.xml" invoke="updateCustRequest"
> > auth="true">
> > @@ -73,12 +74,14 @@
> > <auto-attributes include="pk" mode="INOUT" optional="false"/>
> > <auto-attributes include="nonpk" mode="IN" optional="true"/>
> > <override name="custRequestItemSeqId" optional="true"/>
> > + <override name="story" allow-html="safe"/>
> > </service>
> > <service name="updateCustRequestItem" engine="simple" default-
> > entity-name="CustRequestItem"
> > location="component://order/script/org/ofbiz/order/
> > request/CustRequestServices.xml" invoke="updateCustRequestItem"
> > auth="true">
> > <description>Update a CustRequestItem record</description>
> > <auto-attributes include="pk" mode="IN" optional="false"/>
> > <auto-attributes include="nonpk" mode="IN" optional="true"/>
> > + <override name="story" allow-html="safe"/>
> > </service>
> > <service name="copyCustRequestItem" default-entity-
> > name="CustRequestItem" engine="simple"
> > location="component://order/script/org/ofbiz/order/
> > request/CustRequestServices.xml" invoke="copyCustRequestItem"
> > auth="true">
> > @@ -168,6 +171,7 @@
> > <attribute name="custRequestName" mode="IN" type="String"
> > optional="true"/>
> > <attribute name="custRequestId" mode="OUT" type="String"
> > optional="false"/>
> > <override name="content" allow-html="safe"/>
> > + <override name="custRequestName" allow-html="safe"/>
> > </service>
> >
> > <!-- custRequest content services -->
> >
> >
>
--
Antwebsystems.com: Quality OFBiz services for competitive rates
Re: svn commit: r773772 - /ofbiz/trunk/applications/order/servicedef/services_request.xml
Posted by Scott Gray <sc...@hotwaxmedia.com>.
Hi Hans
Sorry if this is a stupid question, I haven't really looked into the
new HTML security stuff yet, but why would requestName contain HTML?
Thanks
Scott
On 12/05/2009, at 3:20 PM, hansbak@apache.org wrote:
> Author: hansbak
> Date: Tue May 12 03:20:28 2009
> New Revision: 773772
>
> URL: http://svn.apache.org/viewvc?rev=773772&view=rev
> Log:
> allow safe html in customer request name and item content
>
> Modified:
> ofbiz/trunk/applications/order/servicedef/services_request.xml
>
> Modified: ofbiz/trunk/applications/order/servicedef/
> services_request.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- ofbiz/trunk/applications/order/servicedef/services_request.xml
> (original)
> +++ ofbiz/trunk/applications/order/servicedef/services_request.xml
> Tue May 12 03:20:28 2009
> @@ -42,6 +42,7 @@
> <auto-attributes include="nonpk" mode="IN" optional="true"/>
> <attribute name="fromPartyId" type="String" mode="IN"
> optional="false"/>
> <auto-attributes include="all" mode="IN" entity-
> name="CustRequestItem" optional="true"/>
> + <override name="custRequestName" allow-html="safe"/>
> </service>
> <service name="updateCustRequest" engine="simple" default-entity-
> name="CustRequest"
> location="component://order/script/org/ofbiz/order/
> request/CustRequestServices.xml" invoke="updateCustRequest"
> auth="true">
> @@ -73,12 +74,14 @@
> <auto-attributes include="pk" mode="INOUT" optional="false"/>
> <auto-attributes include="nonpk" mode="IN" optional="true"/>
> <override name="custRequestItemSeqId" optional="true"/>
> + <override name="story" allow-html="safe"/>
> </service>
> <service name="updateCustRequestItem" engine="simple" default-
> entity-name="CustRequestItem"
> location="component://order/script/org/ofbiz/order/
> request/CustRequestServices.xml" invoke="updateCustRequestItem"
> auth="true">
> <description>Update a CustRequestItem record</description>
> <auto-attributes include="pk" mode="IN" optional="false"/>
> <auto-attributes include="nonpk" mode="IN" optional="true"/>
> + <override name="story" allow-html="safe"/>
> </service>
> <service name="copyCustRequestItem" default-entity-
> name="CustRequestItem" engine="simple"
> location="component://order/script/org/ofbiz/order/
> request/CustRequestServices.xml" invoke="copyCustRequestItem"
> auth="true">
> @@ -168,6 +171,7 @@
> <attribute name="custRequestName" mode="IN" type="String"
> optional="true"/>
> <attribute name="custRequestId" mode="OUT" type="String"
> optional="false"/>
> <override name="content" allow-html="safe"/>
> + <override name="custRequestName" allow-html="safe"/>
> </service>
>
> <!-- custRequest content services -->
>
>