svn commit: r751990 - /ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java

Author: jonesde
Date: Tue Mar 10 06:14:15 2009
New Revision: 751990

URL: http://svn.apache.org/viewvc?rev=751990&view=rev
Log:
Changed the HTML checking to only check and never change values; if they come from a webapp they will already be canonicalized, and for services calling other services and such we don't want to do canonicalization or the like

Modified:
    ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java

Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java?rev=751990&r1=751989&r2=751990&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java Tue Mar 10 06:14:15 2009
@@ -558,11 +558,9 @@
                     // the param is a String, allow-html is none or safe, and we are looking at an IN parameter during input parameter validation
                     String value = (String) context.get(modelParam.name);
                     if ("none".equals(modelParam.allowHtml)) {
-                        value = StringUtil.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList);
-                        context.put(modelParam.name, value);
+                        StringUtil.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList);
                     } else if ("safe".equals(modelParam.allowHtml)) {
-                        value = StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList);
-                        context.put(modelParam.name, value);
+                        StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList);
                     }
                 }
             }