allow-html in service validation is too restrictive
---------------------------------------------------
Key: OFBIZ-2645
URL: https://issues.apache.org/jira/browse/OFBIZ-2645
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk
Reporter: Harmeet Bedi
Fix For: SVN trunk
Service 'IN' parameters are validated. Default is allow-html='none'
This filters out all the html chars. e.g one cannot set this text "Tom's age is
likely > Paul's age"
'>' is not allowed
Rederers already escape html, so it may be best to keep validation
alllow-html='any'. If service has a need to constrain, service should specify
allow-html explicitly.
Attaching patch. Please let me if this does not make sense.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
