[ https://issues.apache.org/jira/browse/OFBIZ-11265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16965033#comment-16965033 ]

Jacques Le Roux edited comment on OFBIZ-11265 at 11/1/19 6:56 PM:
------------------------------------------------------------------

Hi Pradeep,

This issue is currently blocked by OFBIZ-11266. This said, I agree that we should check the {{sanitizer.enable}} property when calling {{UtilCodec::checkStringForHtmlSafe}}.

Note, even if it's obvious, that if a user sets {{sanitizer.enable=false}}, then all the services protected by {{allow-html="safe"}} will lose this protection.

I tried using [^OFBIZ-11265.patch] but got another issue:

{noformat}
2019-11-01 19:23:27,076 |jsse-nio-8443-exec-1 |ServiceEcaRule |I| For Service ECA [updateDataText] on [invoke] got false for condition: [dataResourceTypeId][not-equals][ELECTRONIC_TEXT][true][String]
2019-11-01 19:23:27,076 |jsse-nio-8443-exec-1 |ServiceDispatcher |T| Sync service [lucene/updateDataText] finished in [5] milliseconds
2019-11-01 19:23:27,076 |jsse-nio-8443-exec-1 |GroupServiceModel |I| Running grouped service [updateContent]
2019-11-01 19:23:27,076 |jsse-nio-8443-exec-1 |ModelService |E| [ModelService.validate] : {updateContent} : (IN) Required test error: org.apache.ofbiz.service.ServiceValidationException: Le paramètre requis suivant manque : [IN] [updateContent.contentId]
2019-11-01 19:23:27,076 |jsse-nio-8443-exec-1 |ServiceDispatcher |E| Incoming context (in runSync : updateContent) does not match expected requirements
org.apache.ofbiz.service.ServiceValidationException: Le paramètre requis suivant manque : [IN] [updateContent.contentId]
{noformat}

I gave up at this stage for now.

> Getting policy error while editing html text data using cms
> -----------------------------------------------------------
>
>                 Key: OFBIZ-11265
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11265
>             Project: OFBiz
>          Issue Type: Improvement
>            Reporter: Pradeep Choudhary
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 17.12.01
>
>         Attachments: OFBIZ-11265.patch
>
>
> Service parameter with allow-html="safe" does not check the OWASP sanitizer flag (i.e. enabled or not) and performs sanitization, which causes a policy error while editing text data.
> Getting the following exception error:
> "In field [textData] by our input policy, your input has not been accepted for security reason. Please check and modify accordingly, thanks."
-- This message was sent by Atlassian Jira (v8.3.4#803005) |
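The comment above asks for the sanitizer.enable property to be consulted before the "safe HTML" check runs, and warns that turning the flag off removes the protection of every allow-html="safe" parameter. The following Java snippet is an added example written for this page, not OFBiz code: it models a flag-gated check in the spirit of UtilCodec.checkStringForHtmlSafe using the OWASP Java HTML Sanitizer (org.owasp.html), so the reader can see both branches. The method signature, the Properties-based flag lookup, the chosen policy and the sample inputs are all assumptions made for this illustration; the real OFBiz method and its policy may differ.

```java
// Added example (not OFBiz code): a flag-gated "safe HTML" check modelled on the
// idea discussed in OFBIZ-11265. Names, signature and policy are assumptions.
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class SafeHtmlCheckExample {

    // A conservative policy: basic formatting, block elements and links only.
    // Script elements, event handlers and unknown tags are dropped by the sanitizer.
    private static final PolicyFactory POLICY =
            Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS);

    /**
     * Returns true when the value is accepted for a parameter declared allow-html="safe".
     *
     * With sanitizer.enable=true the value is accepted only if sanitizing it changes
     * nothing; otherwise an error message in the style of the one quoted in the issue
     * is added to {@code errors}. With sanitizer.enable=false the value is accepted
     * unchanged, which is exactly the loss of protection the comment warns about.
     */
    public static boolean checkStringForHtmlSafe(String fieldName, String value,
                                                 Properties config, List<String> errors) {
        // Assumption: the flag lives in a Properties object under "sanitizer.enable",
        // defaulting to enabled when absent (fail closed rather than open).
        boolean sanitizerEnabled =
                Boolean.parseBoolean(config.getProperty("sanitizer.enable", "true"));
        if (!sanitizerEnabled) {
            // Nothing is checked: allow-html="safe" now behaves like allow-html="any".
            return true;
        }
        String sanitized = POLICY.sanitize(value);
        if (!sanitized.equals(value)) {
            errors.add("In field [" + fieldName + "] by our input policy, your input has "
                    + "not been accepted for security reason. Please check and modify accordingly.");
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign fragment and one carrying a script element.
        String benign = "<p>Hello <b>world</b></p>";
        String scripted = "<p>Hello</p><script>alert(1)</script>";

        Properties enabled = new Properties();
        enabled.setProperty("sanitizer.enable", "true");
        Properties disabled = new Properties();
        disabled.setProperty("sanitizer.enable", "false");

        String[][] cases = { { "textData", benign }, { "textData", scripted } };
        for (Properties config : new Properties[] { enabled, disabled }) {
            for (String[] c : cases) {
                List<String> errors = new ArrayList<>();
                boolean accepted = checkStringForHtmlSafe(c[0], c[1], config, errors);
                System.out.println("sanitizer.enable=" + config.getProperty("sanitizer.enable")
                        + " input=" + c[1] + " -> accepted=" + accepted
                        + (errors.isEmpty() ? "" : " errors=" + errors));
            }
        }
        // Expected: with the flag on, the benign fragment is accepted and the scripted
        // one is rejected; with the flag off, both are accepted without any check.
    }
}
```

The point the demonstration makes is the one in the comment: consulting the flag is correct behaviour (it stops the spurious policy error when an administrator has deliberately disabled sanitization), but the off branch is a global bypass, so sanitizer.enable=false should be treated as an explicit risk decision rather than a way to silence the error for one screen.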
