Author: jonesde
Date: Tue Mar 10 06:14:15 2009
New Revision: 751990
URL:
http://svn.apache.org/viewvc?rev=751990&view=revLog:
Changed the HTML checking to only check and never change values; if they come from a webapp they will already be canonicalized, and for services calling other services and such we don't want to do canonicalization or the like
Modified:
ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java?rev=751990&r1=751989&r2=751990&view=diff==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java Tue Mar 10 06:14:15 2009
@@ -558,11 +558,9 @@
// the param is a String, allow-html is none or safe, and we are looking at an IN parameter during input parameter validation
String value = (String) context.get(modelParam.name);
if ("none".equals(modelParam.allowHtml)) {
- value = StringUtil.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList);
- context.put(modelParam.name, value);
+ StringUtil.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList);
} else if ("safe".equals(modelParam.allowHtml)) {
- value = StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList);
- context.put(modelParam.name, value);
+ StringUtil.checkStringForHtmlSafeOnly(modelParam.name, value, errorMessageList);
}
}
}