Author: jacopoc
Date: Tue Jun 4 13:21:54 2019
New Revision: 1860613
URL:
http://svn.apache.org/viewvc?rev=1860613&view=revLog:
Fixed: fine tuned the sanitization of user input by allowing "safe" content;
thanks to Jacques for the suggestion.
Modified:
ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml
Modified: ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml?rev=1860613&r1=1860612&r2=1860613&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml Tue Jun 4 13:21:54 2019
@@ -777,6 +777,10 @@ under the License.
<attribute name="returnId" type="String" mode="IN" optional="true"/>
<attribute name="custRequestId" type="String" mode="IN" optional="true"/>
<attribute name="action" type="String" mode="IN" optional="true"/><!-- to indicate any special action like: REPLY, REPLYALL, FORWARD or empty for no special action-->
+ <override name="headerString" allow-html="safe"/>
+ <override name="content" allow-html="safe"/>
+ <override name="messageId" allow-html="safe"/>
+ <override name="subject" allow-html="safe"/>
</service>
<service name="createCommunicationEvent" engine="simple"
location="component://party/minilang/communication/CommunicationEventServices.xml" invoke="createCommunicationEventWithPermission" auth="true">
Locked
