Re: svn commit: r745614 - /ofbiz/trunk/applications/party/servicedef/services.xml

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r745614 - /ofbiz/trunk/applications/party/servicedef/services.xml

David E. Jones-2

It is better to not allow HTML in all of the attributes, and instead  
allow it only in the ones that need it. In other words, using allow-
html on the auto-attributes tag is generally a bad practice and  
instead just use the override tag with allow-html for the specific  
attributes/parameters you want to allow HTML in.

-David


On Feb 18, 2009, at 12:10 PM, [hidden email] wrote:

> Author: jleroux
> Date: Wed Feb 18 19:10:47 2009
> New Revision: 745614
>
> URL: http://svn.apache.org/viewvc?rev=745614&view=rev
> Log:
> We need this in order to https://issues.apache.org/jira/browse/OFBIZ-2000 
>  to work (and some others I guess)
>
> Modified:
>    ofbiz/trunk/applications/party/servicedef/services.xml
>
> Modified: ofbiz/trunk/applications/party/servicedef/services.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/servicedef/services.xml?rev=745614&r1=745613&r2=745614&view=diff
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- ofbiz/trunk/applications/party/servicedef/services.xml (original)
> +++ ofbiz/trunk/applications/party/servicedef/services.xml Wed Feb  
> 18 19:10:47 2009
> @@ -658,8 +658,8 @@
>
>     <service name="createCommunicationEventInterface"  
> engine="interface" location="" invoke="">
>         <description>Create a Communication Event with or w/o  
> permission check</description>
> -        <auto-attributes entity-name="CommunicationEvent"  
> include="nonpk" mode="IN" optional="true"/>
> -        <auto-attributes entity-name="CommunicationEvent"  
> include="pk" mode="INOUT" optional="true"/>
> +        <auto-attributes entity-name="CommunicationEvent"  
> include="nonpk" mode="IN" optional="true" allow-html="any"/>
> +        <auto-attributes entity-name="CommunicationEvent"  
> include="pk" mode="INOUT" optional="true" allow-html="any"/>
>         <attribute name="productId" type="String" mode="IN"  
> optional="true"/>
>         <attribute name="orderId" type="String" mode="IN"  
> optional="true"/>
>         <attribute name="custRequestId" type="String" mode="IN"  
> optional="true"/>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r745614 - /ofbiz/trunk/applications/party/servicedef/services.xml

Jacques Le Roux
Administrator
Thanks for the advice David,

Done in revision 745787.

Jacques

From: "David E Jones" <[hidden email]>

>
> It is better to not allow HTML in all of the attributes, and instead  allow it only in the ones that need it. In other words,
> using allow- html on the auto-attributes tag is generally a bad practice and  instead just use the override tag with allow-html
> for the specific  attributes/parameters you want to allow HTML in.
>
> -David
>
>
> On Feb 18, 2009, at 12:10 PM, [hidden email] wrote:
>
>> Author: jleroux
>> Date: Wed Feb 18 19:10:47 2009
>> New Revision: 745614
>>
>> URL: http://svn.apache.org/viewvc?rev=745614&view=rev
>> Log:
>> We need this in order to https://issues.apache.org/jira/browse/OFBIZ-2000 to work (and some others I guess)
>>
>> Modified:
>>    ofbiz/trunk/applications/party/servicedef/services.xml
>>
>> Modified: ofbiz/trunk/applications/party/servicedef/services.xml
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/servicedef/services.xml?rev=745614&r1=745613&r2=745614&view=diff
>> = = = = = = = = ======================================================================
>> --- ofbiz/trunk/applications/party/servicedef/services.xml (original)
>> +++ ofbiz/trunk/applications/party/servicedef/services.xml Wed Feb  18 19:10:47 2009
>> @@ -658,8 +658,8 @@
>>
>>     <service name="createCommunicationEventInterface"  engine="interface" location="" invoke="">
>>         <description>Create a Communication Event with or w/o  permission check</description>
>> -        <auto-attributes entity-name="CommunicationEvent"  include="nonpk" mode="IN" optional="true"/>
>> -        <auto-attributes entity-name="CommunicationEvent"  include="pk" mode="INOUT" optional="true"/>
>> +        <auto-attributes entity-name="CommunicationEvent"  include="nonpk" mode="IN" optional="true" allow-html="any"/>
>> +        <auto-attributes entity-name="CommunicationEvent"  include="pk" mode="INOUT" optional="true" allow-html="any"/>
>>         <attribute name="productId" type="String" mode="IN"  optional="true"/>
>>         <attribute name="orderId" type="String" mode="IN"  optional="true"/>
>>         <attribute name="custRequestId" type="String" mode="IN"  optional="true"/>
>>
>>
>