Hi Hans
Sorry if this is a stupid question, I haven't really looked in to the new html security stuff yet, but why would requestName contain html? Thanks Scott On 12/05/2009, at 3:20 PM, [hidden email] wrote: > Author: hansbak > Date: Tue May 12 03:20:28 2009 > New Revision: 773772 > > URL: http://svn.apache.org/viewvc?rev=773772&view=rev > Log: > allow safe html in customer request name and item content > > Modified: > ofbiz/trunk/applications/order/servicedef/services_request.xml > > Modified: ofbiz/trunk/applications/order/servicedef/ > services_request.xml > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff > = > = > = > = > = > = > = > = > ====================================================================== > --- ofbiz/trunk/applications/order/servicedef/services_request.xml > (original) > +++ ofbiz/trunk/applications/order/servicedef/services_request.xml > Tue May 12 03:20:28 2009 > @@ -42,6 +42,7 @@ > <auto-attributes include="nonpk" mode="IN" optional="true"/> > <attribute name="fromPartyId" type="String" mode="IN" > optional="false"/> > <auto-attributes include="all" mode="IN" entity- > name="CustRequestItem" optional="true"/> > + <override name="custRequestName" allow-html="safe"/> > </service> > <service name="updateCustRequest" engine="simple" default-entity- > name="CustRequest" > location="component://order/script/org/ofbiz/order/ > request/CustRequestServices.xml" invoke="updateCustRequest" > auth="true"> 
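Review bot: `custRequestName` is relaxed to `allow-html="safe"` on the service that closes in the @@ -42 hunk, but no hunk in this commit touches the `updateCustRequest` definition that starts right after it, so the create and update paths may now validate the same field differently. If update still applies the default check, a name accepted on creation would presumably be rejected, or handled differently, on edit. Consider adding `<override name="custRequestName" allow-html="safe"/>` to `updateCustRequest` as well, or confirm that it is already there. Both service elements start or end outside the hunk, so this is inferred from the visible lines only.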
> @@ -73,12 +74,14 @@ > <auto-attributes include="pk" mode="INOUT" optional="false"/> > <auto-attributes include="nonpk" mode="IN" optional="true"/> > <override name="custRequestItemSeqId" optional="true"/> > + <override name="story" allow-html="safe"/> > </service> > <service name="updateCustRequestItem" engine="simple" default- > entity-name="CustRequestItem" > location="component://order/script/org/ofbiz/order/ > request/CustRequestServices.xml" invoke="updateCustRequestItem" > auth="true"> > <description>Update a CustRequestItem record</description> > <auto-attributes include="pk" mode="IN" optional="false"/> > <auto-attributes include="nonpk" mode="IN" optional="true"/> > + <override name="story" allow-html="safe"/> > </service> > <service name="copyCustRequestItem" default-entity- > name="CustRequestItem" engine="simple" > location="component://order/script/org/ofbiz/order/ > request/CustRequestServices.xml" invoke="copyCustRequestItem" > auth="true"> > @@ -168,6 +171,7 @@ > <attribute name="custRequestName" mode="IN" type="String" > optional="true"/> > <attribute name="custRequestId" mode="OUT" type="String" > optional="false"/> > <override name="content" allow-html="safe"/> > + <override name="custRequestName" allow-html="safe"/> > </service> > > <!-- custRequest content services --> > > smime.p7s (3K) Download Attachment |
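Review bot: The `story` overrides in the @@ -73 hunk and the `custRequestName` override in the @@ -168 hunk carry no comment on why markup is accepted, so a later reader cannot tell that the relaxed policy is deliberate or what it requires of the code that displays these values. A one-line comment above each would record that, for example `<!-- accepts sanitised HTML on input; screens, reports and mail templates that print this value must still encode it or render it deliberately -->`. This matters most for `custRequestName`, a short label likely to appear in list views and titles, where an unencoded render is easy to overlook. The enclosing service elements start outside both hunks, so their names and any existing comments are not visible here.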
people would like to use the characters ">" and "<"
is it perhaps a good idea to have all "description", "name" and perhaps other fields by default set to "safe" ? Regards Hans On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote: > Hi Hans > > Sorry if this is a stupid question, I haven't really looked in to the > new html security stuff yet, but why would requestName contain html? > > Thanks > Scott > > On 12/05/2009, at 3:20 PM, [hidden email] wrote: > > > Author: hansbak > > Date: Tue May 12 03:20:28 2009 > > New Revision: 773772 > > > > URL: http://svn.apache.org/viewvc?rev=773772&view=rev > > Log: > > allow safe html in customer request name and item content > > > > Modified: > > ofbiz/trunk/applications/order/servicedef/services_request.xml > > > > Modified: ofbiz/trunk/applications/order/servicedef/ > > services_request.xml > > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff > > = > > = > > = > > = > > = > > = > > = > > = > > ====================================================================== > > --- ofbiz/trunk/applications/order/servicedef/services_request.xml > > (original) > > +++ ofbiz/trunk/applications/order/servicedef/services_request.xml > > Tue May 12 03:20:28 2009 > > @@ -42,6 +42,7 @@ > > <auto-attributes include="nonpk" mode="IN" optional="true"/> > > <attribute name="fromPartyId" type="String" mode="IN" > > optional="false"/> > > <auto-attributes include="all" mode="IN" entity- > > name="CustRequestItem" optional="true"/> > > + <override name="custRequestName" allow-html="safe"/> > > </service> > > <service name="updateCustRequest" engine="simple" default-entity- > > name="CustRequest" > > location="component://order/script/org/ofbiz/order/ > > request/CustRequestServices.xml" invoke="updateCustRequest" > > auth="true"> 
> > @@ -73,12 +74,14 @@ > > <auto-attributes include="pk" mode="INOUT" optional="false"/> > > <auto-attributes include="nonpk" mode="IN" optional="true"/> > > <override name="custRequestItemSeqId" optional="true"/> > > + <override name="story" allow-html="safe"/> > > </service> > > <service name="updateCustRequestItem" engine="simple" default- > > entity-name="CustRequestItem" > > location="component://order/script/org/ofbiz/order/ > > request/CustRequestServices.xml" invoke="updateCustRequestItem" > > auth="true"> > > <description>Update a CustRequestItem record</description> > > <auto-attributes include="pk" mode="IN" optional="false"/> > > <auto-attributes include="nonpk" mode="IN" optional="true"/> > > + <override name="story" allow-html="safe"/> > > </service> > > <service name="copyCustRequestItem" default-entity- > > name="CustRequestItem" engine="simple" > > location="component://order/script/org/ofbiz/order/ > > request/CustRequestServices.xml" invoke="copyCustRequestItem" > > auth="true"> > > @@ -168,6 +171,7 @@ > > <attribute name="custRequestName" mode="IN" type="String" > > optional="true"/> > > <attribute name="custRequestId" mode="OUT" type="String" > > optional="false"/> > > <override name="content" allow-html="safe"/> > > + <override name="custRequestName" allow-html="safe"/> > > </service> > > > > <!-- custRequest content services --> > > > > > Antwebsystems.com: Quality OFBiz services for competitive rates |
Yeah thanks, it didn't take me long to realize that it was indeed a
stupid question. Your second point makes sense to me, but I don't really know enough to comment, I'm not even sure what elements are considered safe. Thanks Scott On 12/05/2009, at 4:33 PM, Hans Bakker wrote: > people would like to use the characters ">" and "<" > > is it perhaps a good idea to have all "description", "name" and > perhaps > other fields by default set to "safe" ? > > Regards > Hans > > On Tue, 2009-05-12 at 16:24 +1200, Scott Gray wrote: >> Hi Hans >> >> Sorry if this is a stupid question, I haven't really looked in to the >> new html security stuff yet, but why would requestName contain html? >> >> Thanks >> Scott >> >> On 12/05/2009, at 3:20 PM, [hidden email] wrote: >> >>> Author: hansbak >>> Date: Tue May 12 03:20:28 2009 >>> New Revision: 773772 >>> >>> URL: http://svn.apache.org/viewvc?rev=773772&view=rev >>> Log: >>> allow safe html in customer request name and item content >>> >>> Modified: >>> ofbiz/trunk/applications/order/servicedef/services_request.xml >>> >>> Modified: ofbiz/trunk/applications/order/servicedef/ >>> services_request.xml >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=773772&r1=773771&r2=773772&view=diff >>> = >>> = >>> = >>> = >>> = >>> = >>> = >>> = >>> = >>> = >>> ==================================================================== >>> --- ofbiz/trunk/applications/order/servicedef/services_request.xml >>> (original) >>> +++ ofbiz/trunk/applications/order/servicedef/services_request.xml >>> Tue May 12 03:20:28 2009 
>>> @@ -42,6 +42,7 @@ >>> <auto-attributes include="nonpk" mode="IN" optional="true"/> >>> <attribute name="fromPartyId" type="String" mode="IN" >>> optional="false"/> >>> <auto-attributes include="all" mode="IN" entity- >>> name="CustRequestItem" optional="true"/> >>> + <override name="custRequestName" allow-html="safe"/> >>> </service> >>> <service name="updateCustRequest" engine="simple" default-entity- >>> name="CustRequest" >>> location="component://order/script/org/ofbiz/order/ >>> request/CustRequestServices.xml" invoke="updateCustRequest" >>> auth="true"> >>> @@ -73,12 +74,14 @@ >>> <auto-attributes include="pk" mode="INOUT" optional="false"/> >>> <auto-attributes include="nonpk" mode="IN" optional="true"/> >>> <override name="custRequestItemSeqId" optional="true"/> >>> + <override name="story" allow-html="safe"/> >>> </service> >>> <service name="updateCustRequestItem" engine="simple" default- >>> entity-name="CustRequestItem" >>> location="component://order/script/org/ofbiz/order/ >>> request/CustRequestServices.xml" invoke="updateCustRequestItem" >>> auth="true"> >>> <description>Update a CustRequestItem record</description> >>> <auto-attributes include="pk" mode="IN" optional="false"/> >>> <auto-attributes include="nonpk" mode="IN" optional="true"/> >>> + <override name="story" allow-html="safe"/> >>> </service> >>> <service name="copyCustRequestItem" default-entity- >>> name="CustRequestItem" engine="simple" >>> location="component://order/script/org/ofbiz/order/ >>> request/CustRequestServices.xml" invoke="copyCustRequestItem" >>> auth="true"> 
>>> @@ -168,6 +171,7 @@ >>> <attribute name="custRequestName" mode="IN" type="String" >>> optional="true"/> >>> <attribute name="custRequestId" mode="OUT" type="String" >>> optional="false"/> >>> <override name="content" allow-html="safe"/> >>> + <override name="custRequestName" allow-html="safe"/> >>> </service> >>> >>> <!-- custRequest content services --> >>> >>> >> > -- > Antwebsystems.com: Quality OFBiz services for competitive rates > smime.p7s (3K) Download Attachment |