On Tue, Feb 24, 2009 at 1:54 AM, David E Jones
wrote:
>
> For the most part we'd only want to accept "safe" HTML, but it is certainly
> conceivable to need something more open/flexible/etc. It might be good to
> have two service defs (both can call the same service impl), with names to
> denote th
For the most part we'd only want to accept "safe" HTML, but it is
certainly conceivable to need something more open/flexible/etc. It
might be good to have two service defs (both can call the same service
impl), with names to denote the difference, ie a suffix of "SafeHtml"
and "AnyText" f
I am storing a very large JSON string in the database using the CMS. Am I
right in understanding that because the createTextContent service does not
have an "allowHtml" attribute on the textData field set to "none" that in
ModelService.validate method it is the
StringUtil.checkStringForHtmlStrictNo
Great, cool. Hopefully the new size (10) should fix that for you.
Thanks for reporting it, and of course if you run into anything else
please do write it up again. I'm trying to keep an eye on this stuff
in particular and be around to fix things since this sort of low-level
change ten
I was being too general. I was not uploading images. I just used
createTextContent and it failed because the limit was set too low. I saw how
to fix that with maxInputSize and was just asking the question if there were
more granular ways to deal with the problem.
-Al
On Mon, Feb 23, 2009 at 5:30
Could you be more specific? In other words, which part of the
application were you using and what was the error message that you got?
You mentioned a problem uploading images... which baffles me the most
because the ESAPI changes are _only_ for String attributes on
services. What was the
I guess one of the first places that we will run into ESAPI affects is in
content management when we try to store images and the like that are larger
than the default "maxInputSize" = 5000 specified in the antisamy-esapi.xml
file.
What would be the best approach to dealing with this?
1. Just modi