/[Apache-SVN]

Revision 1859878

Jump to revision:
Author:	jleroux
Date:	Fri May 24 13:51:26 2019 UTC (4 years, 11 months ago)
Changed paths:	23
Log Message:	"Applied fix from trunk for revision: 1859877" ------------------------------------------------------------------------ r1859877 \| jleroux \| 2019-05-24 15:47:08 +0200 (ven. 24 mai 2019) \| 10 lignes Fixed: Services allow arbitrary HTML for parameters with allow-html set to "safe" (OFBIZ-5254) This was reopened after discussion at https://markmail.org/message/jnaitmwahjcjmdn5 This is a new solution which follows the work done with OFBIZ-6669 and OFBIZ-10187 Roughly said, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers Thanks: Christoph Neuroth for report ------------------------------------------------------------------------

Changed paths

Path	Details
ofbiz/ofbiz-framework/branches/release18.12/	modified , props changed
ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/servicedef/services_agreement.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/servicedef/services_invoice.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/content/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/content/servicedef/services_content.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/content/servicedef/services_data.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/marketing/servicedef/services_opportunity.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/order/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/order/servicedef/services_quote.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/order/servicedef/services_request.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/party/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/product/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/product/servicedef/services_pricepromo.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/applications/workeffort/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomSafePolicy.java (Copied from ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomSafePolicy.java, r1859877)	added
ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/common/config/SecurityUiLabels.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/common/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/common/servicedef/services_email.xml	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/service/dtd/services.xsd	modified , text changed
ofbiz/ofbiz-framework/branches/release18.12/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java	modified , text changed

infrastructure at apache.org	ViewVC Help
Powered by ViewVC 1.1.26