OFBiz › OFBiz - User

Inputing HTML specific characters

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

4 messages Options

ian tabangay

Inputing HTML specific characters

Hi. What would be best way to handle inputs that are non alpha-numeric? HTML
specific characters can render a form useless or worse inject scripts into
the page. Ive made an example in https://demo.hotwaxmedia.com site. Go to
https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
Notice the description of this facility. Also, try to add the same facility
as its parent facility. Notice that nothing happens when you click the
facilityId 10000 on the Lookup screen.

~ Ian

Jacques Le Roux

Re: Inputing HTML specific characters

Administrator

I suppose it's "Toby's Sports Shop". Who will want to make this recursive ? Do you suggest that we prevent this ?

Jacques

From: "ian tabangay" <[hidden email]>

> Hi. What would be best way to handle inputs that are non alpha-numeric? HTML
> specific characters can render a form useless or worse inject scripts into
> the page. Ive made an example in https://demo.hotwaxmedia.com site. Go to
> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000.
> Notice the description of this facility. Also, try to add the same facility
> as its parent facility. Notice that nothing happens when you click the
> facilityId 10000 on the Lookup screen.
>
> ~ Ian
>

ian tabangay

Re: Inputing HTML specific characters

No thats not my point. Sorry for the bad example. But if you'll find other
Lookups for Facility and try to select "Toby's Sports Shop", you'll notice
that the Lookup doesnt work. The field parent facility id is just an example
to pop out the Lookup Form for the Facility.

~ Ian

On Thu, Sep 25, 2008 at 6:01 PM, Jacques Le Roux <
[hidden email]> wrote:

> I suppose it's "Toby's Sports Shop". Who will want to make this recursive ?
> Do you suggest that we prevent this ?
>
> Jacques
>
> From: "ian tabangay" <[hidden email]>
>
> Hi. What would be best way to handle inputs that are non alpha-numeric?
>> HTML
>> specific characters can render a form useless or worse inject scripts into
>> the page. Ive made an example in https://demo.hotwaxmedia.com site. Go to
>>
>> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000
>> .
>> Notice the description of this facility. Also, try to add the same
>> facility
>> as its parent facility. Notice that nothing happens when you click the
>> facilityId 10000 on the Lookup screen.
>>
>> ~ Ian
>>
>>

Jacques Le Roux

Re: Inputing HTML specific characters

Administrator

OK I see now (I directly entered the Id and did not use the Lookup). Could you please open a Jira issue ?
http://docs.ofbiz.org/display/OFBADMIN/OFBiz+Contributors+Best+Practices

Thanks

Jacques

From: "ian tabangay" <[hidden email]>

> No thats not my point. Sorry for the bad example. But if you'll find other
> Lookups for Facility and try to select "Toby's Sports Shop", you'll notice
> that the Lookup doesnt work. The field parent facility id is just an example
> to pop out the Lookup Form for the Facility.
>
> ~ Ian
>
> On Thu, Sep 25, 2008 at 6:01 PM, Jacques Le Roux <
> [hidden email]> wrote:
>
>> I suppose it's "Toby's Sports Shop". Who will want to make this recursive ?
>> Do you suggest that we prevent this ?
>>
>> Jacques
>>
>> From: "ian tabangay" <[hidden email]>
>>
>> Hi. What would be best way to handle inputs that are non alpha-numeric?
>>> HTML
>>> specific characters can render a form useless or worse inject scripts into
>>> the page. Ive made an example in https://demo.hotwaxmedia.com site. Go to
>>>
>>> https://demo.hotwaxmedia.com/facility/control/EditFacility?facilityId=10000
>>> .
>>> Notice the description of this facility. Also, try to add the same
>>> facility
>>> as its parent facility. Notice that nothing happens when you click the
>>> facilityId 10000 on the Lookup screen.
>>>
>>> ~ Ian
>>>
>>>
>