Jacques Le Roux committed on 24 May 19

Fixed: Services allow arbitrary HTML for parameters with allow-html set to "safe" (OFBIZ-5254)

This was reopened after discussion at

https://markmail.org/message/jnaitmwahjcjmdn5

This is a new solution which follows the work done with OFBIZ-6669 and OFBIZ-10187

Roughly said, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers

Thanks: Christoph Neuroth for report

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1859877 13f79535-47bb-0310-9956-ffa450edef68
