[
https://issues.apache.org/jira/browse/OFBIZ-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Yong updated OFBIZ-12147:
-------------------------------
Description:
Currently, we can display flash message by setting in request attribute
"__EVENT_MESSAGE__".
Propose to add another request attribute i.e. "__UNSAFE_EVENT_MESSAGE__" for
messages that can contain inline javascript.
One use case is to allow us to display last login timestamp with
browser-specific format.
was:
Currently, we can display flash message by setting in request attribute
"_EVENT_MESSAGE_".
Propose to add another request attribute i.e. '_UNSAFE_EVENT_MESSAGE_' for
messages that can contain inline javascript.
One use case is to allow us to display last login timestamp with
browser-specific format.
> Allow Unsafe Message
> --------------------
>
> Key: OFBIZ-12147
> URL: https://issues.apache.org/jira/browse/OFBIZ-12147
> Project: OFBiz
> Issue Type: Improvement
> Components: base
> Affects Versions: Upcoming Branch
> Reporter: James Yong
> Assignee: James Yong
> Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-12147
>
>
> Currently, we can display flash message by setting in request attribute
> "__EVENT_MESSAGE__".
> Propose to add another request attribute i.e. "__UNSAFE_EVENT_MESSAGE__" for
> messages that can contain inline javascript.
> One use case is to allow us to display last login timestamp with
> browser-specific format.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
