svn commit: r1779701 - in /ofbiz/trunk: applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java

jleroux@apache.org
Author: jleroux
Date: Sat Jan 21 07:02:19 2017
New Revision: 1779701

URL: http://svn.apache.org/viewvc?rev=1779701&view=rev
Log:
Implemented: Birt Report Builder: an enhancement of the Birt component.
Easier user possibility of report creation.
(OFBIZ-6919)

Fixes a small issue: the REPORT contentId is now named FLEXIBLE_REPORT

Note: the BIRT_REPORT_BUILDER_USAGE_POLICY still needs to be completed. Hence
it's for now bypassed in ContentWorker.renderContentAsText(), based on the
FLEXIBLE_REPORT contentId

Modified:
    ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
    ofbiz/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java

Modified: ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java?rev=1779701&r1=1779700&r2=1779701&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java (original)
+++ ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java Sat Jan 21 07:02:19 2017
@@ -340,7 +340,7 @@ public class ContentWorker implements or
         String rendered = writer.toString();
         // According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
         // Normally head is protected by X-XSS-Protection Response Header by default
-        if (!"REPORT".equals(contentTypeId)) { // FIXME here BIRT_REPORT_BUILDER_USAGE_POLICY should be used but I could not tweak it yet: the content of <script> are removed and should not. Also a more annoying no yet spotted issue with contentId dissapearing
+        if (!"FLEXIBLE_REPORT".equals(contentTypeId)) { // FIXME here BIRT_REPORT_BUILDER_USAGE_POLICY should be used but I could not tweak it yet: the content of <script> are removed and should not. Also a more annoying no yet spotted issue with contentId dissapearing
             if (rendered.contains("<script>")
                     || rendered.contains("<!--")
                     || rendered.contains("<div")
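Review bot: The changed condition on the `if` line still exempts a whole content type from the markup check that follows, keyed on a hard-coded string literal, so anything rendered with contentTypeId FLEXIBLE_REPORT skips the `<script>` / `<!--` / `<div` test entirely. The FIXME says BIRT_REPORT_BUILDER_USAGE_POLICY is the intended control; I would rather see that policy applied here, even in a stricter form than the report builder finally needs, than an unconditional skip, and the FIXME should reference OFBIZ-6919 so the bypass is tracked to removal. Two smaller points: the literal was just renamed and also appears in the UtilCodec comment, so a shared constant would keep the two from drifting again, and the log message and the FIXME text say contentId while the code compares contentTypeId, which should be made consistent. The FIXME would also read better on its own line above the `if` than as a trailing comment.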

Modified: ofbiz/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java?rev=1779701&r1=1779700&r2=1779701&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java (original)
+++ ofbiz/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java Sat Jan 21 07:02:19 2017
@@ -129,7 +129,7 @@ public class UtilCodec {
                 .allowAttributes("class").onElements("td")
                 .allowAttributes("method").onElements("form")
                 .toFactory();
-        // This is the PolicyFactory used for the Birt Report Builder usage feature.  ("REPORT" contentTypeId)
+        // This is the PolicyFactory used for the Birt Report Builder usage feature.  ("FLEXIBLE_REPORT" contentTypeId)
         // It allows to use the OOTB Birt Report Builder example.
         // You might need to enhance it for your needs but normally you should not
         // In any case be sure to check https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before changing things here...
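Review bot: The updated comment states that this PolicyFactory is the one used for the "FLEXIBLE_REPORT" contentTypeId, but per the log message and the FIXME in ContentWorker the policy is currently bypassed for that type rather than applied. Please say so in the comment, for example by adding that ContentWorker.renderContentAsText() does not yet use this policy, so a reader auditing the allow-list does not assume it is what protects report content today. Since the comment only mirrors the literal used in ContentWorker, pointing at a shared constant instead of repeating the string would avoid another comment-only fix on the next rename.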