Log Message: |
"Applied fix from trunk for revision: 1859877"
------------------------------------------------------------------------
r1859877 | jleroux | 2019-05-24 15:47:08 +0200 (ven. 24 mai 2019) | 10 lignes
Fixed: Services allow arbitrary HTML for parameters with allow-html set to "safe"
(OFBIZ-5254)
This was reopened after discussion at
https://markmail.org/message/jnaitmwahjcjmdn5
This is a new solution which follows the work done with OFBIZ-6669 and OFBIZ-10187
Roughly said, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers
Thanks: Christoph Neuroth for report
------------------------------------------------------------------------
|