[ https://issues.apache.org/jira/browse/OFBIZ-9373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019244#comment-16019244 ]
Jacques Le Roux commented on OFBIZ-9373:
----------------------------------------
Hi Yao,
Yes, it's a known problem related to http://svn.apache.org/viewvc?view=revision&revision=1759065
Recently, in the context of [Flexible Report|https://blogs.apache.org/ofbiz/entry/the-birt-flexible-reports-a], I used the [OWASP Java HTML Sanitizer Project|https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project] to create and use a specific BIRT_FLEXIBLE_REPORT_POLICY used by encoder.sanitize() (HtmlEncoder type) in ContentWorker.renderContentAsText(). This allows for more flexibility than "any" or "none" when sanitizing or checking HTML code. We could use the PERMISSIVE_POLICY for the removed "safe" case or even allow using a policy name for the allow-html value. As soon as I get a chance I'll have a look at this idea.
In the meantime if you believe you are safe to use "any" just do that.
> create new blog article entry error.
> ------------------------------------
>
> Key: OFBIZ-9373
> URL: https://issues.apache.org/jira/browse/OFBIZ-9373
> Project: OFBiz
> Issue Type: Bug
> Components: content
> Affects Versions: Trunk
> Reporter: yao
>
> 1. When I try to create a new blog article, I get the following error message:
> In field [articleData] less-than (<) and greater-than (>) symbols are not allowed.
> It seems that this field does not support HTML text!
> 2. After I use plain text for the field [articleData], when I post the form, I get the following error message:
> The following required parameter is missing: [IN] [createElectronicText.dataResourceId]]
> I went through the code that handles the request and the log record, and found that the following ECA does not execute, which causes the error:
>
> <!-- electronic text; needs dataResourceId -->
> <eca service="createElectronicText" event="invoke">
>     <condition field-name="dataResourceId" operator="is-empty"/>
>     <set field-name="dataResourceTypeId" value="ELECTRONIC_TEXT"/>
>     <action service="createDataResource" mode="sync" result-to-context="true"/>
> </eca>
> Does the problem lie in the framework code?
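The idea in the comment above (a named sanitizer policy as a third option between "any" and "none"), sketched as an added example; it is not OFBiz code and not from the commenter. It assumes the OWASP Java HTML Sanitizer library is on the classpath; the class `AllowHtmlDemo`, the method `applyAllowHtml`, the policy name `blog-article` and the sample input are hypothetical, and the "none" branch is a simplified stand-in that reuses the error text quoted in the report.

```java
import java.util.Map;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/** Added illustration only; all names here are hypothetical, not OFBiz identifiers. */
public class AllowHtmlDemo {

    // Hypothetical policy for blog articles: inline formatting, block elements,
    // and links restricted to the standard protocols (http, https, mailto).
    static final PolicyFactory BLOG_ARTICLE_POLICY = new HtmlPolicyBuilder()
            .allowCommonInlineFormattingElements()
            .allowCommonBlockElements()
            .allowElements("a")
            .allowAttributes("href").onElements("a")
            .allowStandardUrlProtocols()
            .requireRelNofollowOnLinks()
            .toFactory();

    // Policy-name lookup, so an allow-html value can name a policy.
    static final Map<String, PolicyFactory> POLICIES = Map.of("blog-article", BLOG_ARTICLE_POLICY);

    /** Returns the value to store, or throws when the mode rejects the input. */
    static String applyAllowHtml(String allowHtml, String field, String value) {
        switch (allowHtml) {
            case "any":   // no filtering at all: only for fully trusted authors
                return value;
            case "none":  // reject any markup outright (simplified stand-in)
                if (value.indexOf('<') >= 0 || value.indexOf('>') >= 0) {
                    throw new IllegalArgumentException("In field [" + field
                            + "] less-than (<) and greater-than (>) symbols are not allowed.");
                }
                return value;
            default:      // named policy: strip what the policy does not allow
                PolicyFactory policy = POLICIES.get(allowHtml);
                if (policy == null) { // fail closed on an unknown policy name
                    throw new IllegalArgumentException("Unknown allow-html policy: " + allowHtml);
                }
                return policy.sanitize(value);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: benign markup plus a script tag and a javascript: link.
        String article = "<p>Hello <b>world</b></p><script>alert(1)</script>"
                + "<a href=\"javascript:x()\">link</a>";
        System.out.println("any:          " + applyAllowHtml("any", "articleData", article));
        System.out.println("blog-article: " + applyAllowHtml("blog-article", "articleData", article));
        try {
            applyAllowHtml("none", "articleData", article);
        } catch (IllegalArgumentException e) {
            System.out.println("none:         " + e.getMessage());
        }
    }
}
```

With the named policy the paragraph and bold markup survive, while the script element and the `javascript:` link target are dropped by the sanitizer.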