[
https://issues.apache.org/jira/browse/OFBIZ-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adrian Crum closed OFBIZ-4688.
------------------------------
Resolution: Won't Fix
Fix Version/s: SVN trunk
Olivier,
I am closing this issue because it opens a security hole. This change would
allow users to introduce malicious scripts.
I would recommend using a service call instead.
Thank you for your effort.
> For script tag in action section in Screen (and form) use a
> FlexibleStringExpander for scriptLocation and correctly manage minilang
> script context
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-4688
> URL: https://issues.apache.org/jira/browse/OFBIZ-4688
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Olivier Heintz
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: OFBIZ-4688-without_TypeValue.patch,
> OFBIZ-4688-without_TypeValue_V2.patch, OFBIZ-4688-without_TypeValue_V3.patch,
> OFBIZ-4688-without_TypeValue_V4.patch, OFBIZ-4688.patch
>
>
> FlexibleStringExpander to be able to have script name depending from context.
> Minilang script are Useful to migrated some action (too large) as a minilang
> script
> Be carreful, this patch contain patch from JIRA-4687, if necessary I can
> submit a new patch without it
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
