This was done by David and I believe he was right on this. See his comment at http://svn.apache.org/viewvc?view=revision&revision=751990
If we want to handle safe we would need to treat direct services calls and services calling other services differently It would get overcomplicated and anyway I don't think we need that. Jacques Adrian Crum wrote: > Why don't we change it so allow-html="safe" does what it says - allow > only "safe" HTML? > > Adrian Crum > Sandglass Software > www.sandglass-software.com > > On 10/28/2013 12:44 AM, Jacques Le Roux wrote: >> Hi, >> >> I wonder if we should not backport in releases the changes I will do for >> https://issues.apache.org/jira/browse/OFBIZ-5254?focusedCommentId=13806604 >> >> Though it's not a real bug, the reason to ask is because it disturbed much >> people, even seasoned ones >> http://markmail.org/message/zisndi3zwfmdkn2u >> >> Opinions? >> >> Jacques