svn commit: r1860354 - in /ofbiz/site/dtds: services.xsd site-conf.xsd widget-form.xsd


svn commit: r1860354 - in /ofbiz/site/dtds: services.xsd site-conf.xsd widget-form.xsd

jleroux@apache.org
Author: jleroux
Date: Wed May 29 16:17:36 2019
New Revision: 1860354

URL: http://svn.apache.org/viewvc?rev=1860354&view=rev
Log:
Updates .xsd files

Modified:
    ofbiz/site/dtds/services.xsd
    ofbiz/site/dtds/site-conf.xsd
    ofbiz/site/dtds/widget-form.xsd

Modified: ofbiz/site/dtds/services.xsd
URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/services.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/services.xsd (original)
+++ ofbiz/site/dtds/services.xsd Wed May 29 16:17:36 2019
@@ -291,16 +291,13 @@ under the License.
         <xs:attribute name="allow-html" use="optional" default="none">
             <xs:annotation>
                 <xs:documentation>
-                    Applies only to String fields.
-                    Only checked for incoming parameters/attributes (could change in the future, but this is meant for validating input from users, other systems, etc).
-                    Defaults to "none" meaning no HTML is allowed (will result in an error message).
-                    If some HTML is desired then use "any".
-                    There was previously "safe" but it's deprecated
+                    See the documentation on the allow-html attribute of the "attribute" element.
                 </xs:documentation>
             </xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>
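Review bot: The replacement annotation at the top of this hunk leaves only a cross-reference, so a reader who sees this attribute's documentation in a schema-aware editor no longer learns what each value does, and the re-added `safe` value has no description here. I would keep a one-line summary ahead of the pointer, e.g. `"none" (default) rejects HTML, "safe" applies the safe policy, "any" skips the HTML check.`, followed by the existing "See the documentation…" sentence. The same applies to the cross-reference in the @@ -411 hunk. The enclosing element starts outside the hunk, so which element this attribute belongs to is not visible here.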
@@ -358,12 +355,14 @@ under the License.
                 Applies only to String fields.
                 Only checked for incoming parameters/attributes (could change in the future, but this is meant for validating input from users, other systems, etc).
                 Defaults to "none" meaning no HTML is allowed (will result in an error message).
-                If some HTML is desired then use "any".
-                There was previously "safe" but it's deprecated
+                If some HTML is desired then use "safe" which will follow the rules in the default custom safe policy file (CustomSafePolicy.java, see also owasp.properties).
+                This should be safe for both internal and public users. You may want to provide your own custom safe policy file to adapt to you needs.
+                In rare cases when users are trusted or it is not a sensitive field the "any" option may be used to not check the HTML content at all.
             </xs:documentation></xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>
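Review bot: The sentence added for `any` ties the choice to whether the field is sensitive, but the risk of unchecked HTML depends on where the value is later rendered, not on how sensitive the field is. I would reword it to `Use "any" only when the value is never rendered as HTML or is encoded on output; it disables the HTML check entirely.` The line above it has a typo: `adapt to you needs` should read `adapt to your needs`. It would also help to say where a custom policy is configured, which is presumably what the owasp.properties reference is for. The annotation and its element begin outside the hunk.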
@@ -411,16 +410,14 @@ under the License.
         <xs:attribute name="allow-html" use="optional">
             <xs:annotation>
                 <xs:documentation>
-                    Applies only to String fields.
-                    Only checked for incoming parameters/attributes (could change in the future, but this is meant for validating input from users, other systems, etc).
-                    There is no default, "none" means no HTML is allowed (will result in an error message).
-                    If some HTML is desired then use "any".
-                    There was previously "safe" but it's deprecated
+                    See the documentation on the allow-html attribute of the "attribute" element.
+                    Note that it is slightly different here as there is no default.
                 </xs:documentation>
             </xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>
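Review bot: `Note that it is slightly different here as there is no default.` does not say what an omitted allow-html means for this element, which a reader needs to know because the check is a security control. If omission keeps the value from the attribute definition being overridden or inherited (not visible in this hunk, so to be confirmed), say so directly, e.g. `No default: when omitted, the allow-html value of the original attribute definition applies.` The enclosing element starts outside the hunk.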

Modified: ofbiz/site/dtds/site-conf.xsd
URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/site-conf.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/site-conf.xsd (original)
+++ ofbiz/site/dtds/site-conf.xsd Wed May 29 16:17:36 2019
@@ -526,7 +526,7 @@ under the License.
                         <xs:annotation>
                             <xs:documentation>
                                 Internally chains to another request.
-                                Automatically redirect all current request parameters to the new request
+                                Automatically redirects all current request parameters to the new request
                             </xs:documentation>
                         </xs:annotation>
                     </xs:enumeration>
@@ -534,7 +534,8 @@ under the License.
                         <xs:annotation>
                             <xs:documentation>
                                 Send a redirect down to the browser telling it to go to the new request.
-                                Redirect only mentioned request parameters in controller.xml, using redirect-param attribute
+                                Automatically redirects all current request parameters to the new request
+                                or only redirected parameters specified using redirect-param attribute.
                             </xs:documentation>
                         </xs:annotation>
                     </xs:enumeration>
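Review bot: The rewritten sentence for the browser redirect reads as two alternatives without saying which one applies when. If the intent is that all parameters are forwarded unless redirect-param is given, state it as `Redirects all current request parameters to the new request, unless redirect-param is specified, in which case only those parameters are redirected.` Because this response type sends the redirect to the browser, forwarded parameters presumably become part of the URL the browser requests. The annotation could therefore advise restricting them with redirect-param when the request carries values that should not appear in URLs or logs. The enumeration element opens outside the hunk.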

Modified: ofbiz/site/dtds/widget-form.xsd
URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/widget-form.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/widget-form.xsd (original)
+++ ofbiz/site/dtds/widget-form.xsd Wed May 29 16:17:36 2019
@@ -496,6 +496,11 @@ under the License.
                 </xs:simpleType>
             </xs:attribute>
             <xs:attribute type="xs:positiveInteger" name="default-position" default="1" />
+            <xs:attribute name="include-internal" type="xs:boolean" default="false">
+                <xs:annotation>
+                    <xs:documentation>This field will let the user enable internal fields of entity</xs:documentation>
+                </xs:annotation>
+            </xs:attribute>
         </xs:complexType>
     </xs:element>
     <xs:element name="sort-order">
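Review bot: The documentation on the new `include-internal` attribute calls it a field and does not say what an internal field is or what changes when it is set. If the behaviour is that those fields are added to the generated form, something like `When true, the entity's internal fields are also included in the generated form fields; defaults to false.` would be clearer, ideally naming the fields meant. Keeping the default at `false` is the safer choice, since it keeps those fields out of forms unless a form opts in. The complexType this attribute belongs to starts outside the hunk.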