|
|
To me it appears that default restrictions for html are very restrictive.
We recently updated our ofbiz versions and getting some messages
In field [XXX] less-than (<) and greater-than (>) symbols are not allowed
I wonder if this is a mistake.. It not only prevents html but it also prevents simple text like 'Mr X would buy if price < $2'
XSD has
<xs:attribute name="allow-html" use="optional" default="none">
<xs:annotation><xs:documentation>See the documentation on the allow-html attribute of the "attribute" element.</xs:documentation></xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="any"/>
<xs:enumeration value="safe"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
Wondering if it is best to have allow-html = 'any'. If someone wants to create a user interface with view/edit of html content for comments the platform should not prevent.
thoughts ?
Harmeet
|
Locked
