/[Apache-SVN]

Revision 1859877

Jump to revision:
Author:	jleroux
Date:	Fri May 24 13:47:08 2019 UTC (4 years, 11 months ago)
Changed paths:	22
Log Message:	Fixed: Services allow arbitrary HTML for parameters with allow-html set to "safe" (OFBIZ-5254) This was reopened after discussion at https://markmail.org/message/jnaitmwahjcjmdn5 This is a new solution which follows the work done with OFBIZ-6669 and OFBIZ-10187 Roughly said, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers Thanks: Christoph Neuroth for report

Changed paths

Path	Details
ofbiz/ofbiz-framework/trunk/applications/accounting/servicedef/services_agreement.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/accounting/servicedef/services_invoice.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/content/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/content/servicedef/services_content.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/content/servicedef/services_data.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/marketing/servicedef/services_opportunity.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_quote.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_request.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/party/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/product/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/product/servicedef/services_pricepromo.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/applications/workeffort/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/base/config/owasp.properties	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomSafePolicy.java	added
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/common/config/SecurityUiLabels.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services_email.xml	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/service/dtd/services.xsd	modified , text changed
ofbiz/ofbiz-framework/trunk/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java	modified , text changed

infrastructure at apache.org	ViewVC Help
Powered by ViewVC 1.1.26