Log Message: |
Fixed: Services allow arbitrary HTML for parameters with allow-html set to "safe"
(OFBIZ-5254)
This was reopened after discussion at
https://markmail.org/message/jnaitmwahjcjmdn5
This is a new solution which follows the work done with OFBIZ-6669 and OFBIZ-10187.
Roughly speaking, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers.
Thanks: Christoph Neuroth for the report
|