Author: jleroux
Date: Fri May 24 13:57:20 2019
New Revision: 1859880

URL: http://svn.apache.org/viewvc?rev=1859880&view=rev
Log:
"Applied fix from trunk framework for revision: 1859877" 
------------------------------------------------------------------------
r1859877 | jleroux | 2019-05-24 15:47:08 +0200 (ven. 24 mai 2019) | 10 lignes

Fixed: Services allow arbitrary HTML for parameters with allow-html set to 
"safe"
(OFBIZ-5254)

This was reopened after discussion at 
https://markmail.org/message/jnaitmwahjcjmdn5

This is a new solution which follows the work done with OFBIZ-10187
Roughly said, it uses org.owasp.html.PolicyFactory and org.owasp.html.Sanitizers

Thanks: Christoph Neuroth for report
------------------------------------------------------------------------


Added:
    
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomSafePolicy.java
      - copied unchanged from r1859877, 
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/html/CustomSafePolicy.java
Modified:
    ofbiz/branches/release16.11/   (props changed)
    
ofbiz/branches/release16.11/applications/accounting/servicedef/services_agreement.xml
    
ofbiz/branches/release16.11/applications/accounting/servicedef/services_invoice.xml
    ofbiz/branches/release16.11/applications/content/servicedef/services.xml
    
ofbiz/branches/release16.11/applications/content/servicedef/services_content.xml
    
ofbiz/branches/release16.11/applications/content/servicedef/services_data.xml
    
ofbiz/branches/release16.11/applications/marketing/servicedef/services_opportunity.xml
    ofbiz/branches/release16.11/applications/order/servicedef/services.xml
    ofbiz/branches/release16.11/applications/order/servicedef/services_quote.xml
    
ofbiz/branches/release16.11/applications/order/servicedef/services_request.xml
    ofbiz/branches/release16.11/applications/party/servicedef/services.xml
    ofbiz/branches/release16.11/applications/product/servicedef/services.xml
    
ofbiz/branches/release16.11/applications/product/servicedef/services_pricepromo.xml
    ofbiz/branches/release16.11/applications/workeffort/servicedef/services.xml
    ofbiz/branches/release16.11/framework/base/config/owasp.properties
    
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
    
ofbiz/branches/release16.11/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
    ofbiz/branches/release16.11/framework/common/config/SecurityUiLabels.xml
    ofbiz/branches/release16.11/framework/common/servicedef/services.xml
    ofbiz/branches/release16.11/framework/common/servicedef/services_email.xml
    ofbiz/branches/release16.11/framework/service/dtd/services.xsd
    
ofbiz/branches/release16.11/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java

Propchange: ofbiz/branches/release16.11/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri May 24 13:57:20 2019
@@ -10,5 +10,5 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790396,1790810,1791277,1791288,1791342,1791346,1791490,1791496,1791625,1791634,1791791,1791804,1792270,1792272,1792275,1792432,1792609,1792638,1793300,1794008,1794132,1796047,1796262,1797733,1798668,1798682,1798796,1798803,1798808,1799088,1799183,1799327,1799417,1799687,1799767,1799793,1799859,1800250,1800780,1800832,1800853,1801094,1801262-1801263,1801273-1801274,1801303,1801316,1801318-1801319,1801336,1801340,1801346,1801349-1801350,1801359,1801742,1802657,1802766,1803525,1804656,1804843,1804847,1804859,1805143,1805558,1805880,1806036,1806220,1806266,1806269,1806951,1807597,1807890,1808834,1809399,1809429,1809594,1809741,1810102,1811794,1812387,1813600,1813617,1813647,1813833,1814277,1814319,1814349,1814392,1814501,1814591,1814642,1814644,1814709,1814873,1814928,1814934,1815059,1816264,1816273,
 
1816289,1816291,1816297,1816369,1816373,1816461,1816635,1816795,1818101,1818269,1818273,1818402,1819122,1819136,1819144,1819811,1820823,1820949,1820966,1821012,1821036,1821613,1821965,1822310,1822377,1822383,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825233,1825262,1825444,1825450,1826374,1826592,1826671,1826805,1826938,1828255,1830936,1831234,1831608,1831831,1832577,1832662,1832756,1832944,1833211,1834181,1834191,1835235,1836144,1838032,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1845418,1845420,1845466,1845544,1845552,1846214,1846594,1846632,1847398,1848263,1848336,1848398,1848444,1848449,1849191,1849193,1849275,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850685,1850914,1850918,1850948,1851200,1851247,1851319,1851805,1851998,1852587,1852818,1853070,1853691,1853745,1853750,1854306,1854457,1855078,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856405,1856455,1856459-1856460,1856484,1856598,1856617,18566
 
67,1857088,1857099,1857180,1857213,1857392,1857617,1857692,1857813,1858141,1858250,1858275,1858312,1858319,1858432,1858444,1858523,1858539,1858933,1858965,1858980,1859012,1859033,1859255,1859263,1859543,1859571,1859576,1859691,1859704,1859796,1859807,1859871
+/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790396,1790810,1791277,1791288,1791342,1791346,1791490,1791496,1791625,1791634,1791791,1791804,1792270,1792272,1792275,1792432,1792609,1792638,1793300,1794008,1794132,1796047,1796262,1797733,1798668,1798682,1798796,1798803,1798808,1799088,1799183,1799327,1799417,1799687,1799767,1799793,1799859,1800250,1800780,1800832,1800853,1801094,1801262-1801263,1801273-1801274,1801303,1801316,1801318-1801319,1801336,1801340,1801346,1801349-1801350,1801359,1801742,1802657,1802766,1803525,1804656,1804843,1804847,1804859,1805143,1805558,1805880,1806036,1806220,1806266,1806269,1806951,1807597,1807890,1808834,1809399,1809429,1809594,1809741,1810102,1811794,1812387,1813600,1813617,1813647,1813833,1814277,1814319,1814349,1814392,1814501,1814591,1814642,1814644,1814709,1814873,1814928,1814934,1815059,1816264,1816273,
 
1816289,1816291,1816297,1816369,1816373,1816461,1816635,1816795,1818101,1818269,1818273,1818402,1819122,1819136,1819144,1819811,1820823,1820949,1820966,1821012,1821036,1821613,1821965,1822310,1822377,1822383,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825233,1825262,1825444,1825450,1826374,1826592,1826671,1826805,1826938,1828255,1830936,1831234,1831608,1831831,1832577,1832662,1832756,1832944,1833211,1834181,1834191,1835235,1836144,1838032,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1845418,1845420,1845466,1845544,1845552,1846214,1846594,1846632,1847398,1848263,1848336,1848398,1848444,1848449,1849191,1849193,1849275,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850685,1850914,1850918,1850948,1851200,1851247,1851319,1851805,1851998,1852587,1852818,1853070,1853691,1853745,1853750,1854306,1854457,1855078,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856405,1856455,1856459-1856460,1856484,1856598,1856617,18566
 
67,1857088,1857099,1857180,1857213,1857392,1857617,1857692,1857813,1858141,1858250,1858275,1858312,1858319,1858432,1858444,1858523,1858539,1858933,1858965,1858980,1859012,1859033,1859255,1859263,1859543,1859571,1859576,1859691,1859704,1859796,1859807,1859871,1859877
 
/ofbiz/trunk:1770481,1770490,1770540,1771440,1771448,1771516,1771935,1772346,1772880,1774772,1775441,1779724,1780659,1781109,1781125,1781979,1782498,1782520

Modified: 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_agreement.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/accounting/servicedef/services_agreement.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_agreement.xml
 (original)
+++ 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_agreement.xml
 Fri May 24 13:57:20 2019
@@ -29,14 +29,14 @@ under the License.
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="CREATE"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes include="pk" mode="OUT" optional="true"/>
-        <override name="textData" allow-html="any"/>
+        <override name="textData" allow-html="safe"/>
     </service>
     <service name="updateAgreement" default-entity-name="Agreement" 
engine="entity-auto" invoke="update" auth="true">
         <description>Update an Agreement</description>
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textData" allow-html="any"/>
+        <override name="textData" allow-html="safe"/>
     </service>
     <service name="cancelAgreement" default-entity-name="Agreement" 
engine="simple"
                 
location="component://accounting/minilang/agreement/AgreementServices.xml" 
invoke="cancelAgreement" auth="true">
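Review bot: `updateAgreement` (second changed line, `<override name="textData" allow-html="safe"/>`) now passes previously stored textData through the 'safe' policy on every update, although that data may have been written while `allow-html="any"` was in force. Whether the 'safe' path in UtilCodec/ModelService strips disallowed markup or rejects the parameter is not visible in this excerpt; if it rejects, edits to existing agreements holding markup outside the policy will fail validation instead of being cleaned. Worth confirming against the UtilCodec hunk and stating in the log which behaviour applies. The same consideration holds for the other update services switched in this commit (updateAgreementItem, updateAgreementTerm, updateInvoiceItem, updateSimpleTextContent, updateElectronicText, updateSalesOpportunity, updateCustRequest, updateBlogEntry).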
@@ -62,7 +62,7 @@ under the License.
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="CREATE"/>
         <auto-attributes include="pk" mode="INOUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="agreementText" allow-html="any"/>
+        <override name="agreementText" allow-html="safe"/>
         <override name="agreementItemSeqId" optional="true"></override>
     </service>
     <service name="updateAgreementItem" default-entity-name="AgreementItem" 
engine="entity-auto" invoke="update" auth="true">
@@ -70,7 +70,7 @@ under the License.
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="agreementText" allow-html="any"/>
+        <override name="agreementText" allow-html="safe"/>
     </service>
     <service name="removeAgreementItem" default-entity-name="AgreementItem" 
engine="entity-auto" invoke="delete" auth="true">
         <description>Remove an AgreementItem</description>
@@ -104,14 +104,14 @@ under the License.
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="CREATE"/>
         <auto-attributes include="pk" mode="INOUT" optional="true"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textValue" allow-html="any"/>
+        <override name="textValue" allow-html="safe"/>
     </service>
     <service name="updateAgreementTerm" default-entity-name="AgreementTerm" 
engine="entity-auto" invoke="update" auth="true">
         <description>Update an AgreementTerm</description>
         <permission-service service-name="acctgAgreementPermissionCheck" 
main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="textValue" allow-html="any"/>
+        <override name="textValue" allow-html="safe"/>
     </service>
     <service name="deleteAgreementTerm" default-entity-name="AgreementTerm" 
engine="entity-auto" invoke="delete" auth="true">
         <description>Delete an AgreementTerm</description>

Modified: 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_invoice.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/accounting/servicedef/services_invoice.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_invoice.xml
 (original)
+++ 
ofbiz/branches/release16.11/applications/accounting/servicedef/services_invoice.xml
 Fri May 24 13:57:20 2019
@@ -56,8 +56,8 @@ under the License.
         <override name="invoiceTypeId" mode="IN" optional="false"/>
         <override name="partyIdFrom" mode = "IN" optional="false"/>
         <override name="partyId" mode = "IN" optional="false"/>
-        <override name="description" allow-html="any"/>
-        <override name="invoiceMessage" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
+        <override name="invoiceMessage" allow-html="safe"/>
     </service>
     <service name="copyInvoice" engine="simple" default-entity-name="Invoice"
         location="component://accounting/minilang/invoice/InvoiceServices.xml" 
invoke="copyInvoice">
@@ -80,8 +80,8 @@ under the License.
         <permission-service service-name="acctgInvoicePermissionCheck" 
main-action="UPDATE"/>
         <auto-attributes mode="IN" include="pk" optional="false"/>
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
-        <override name="description" allow-html="any"/>
-        <override name="invoiceMessage" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
+        <override name="invoiceMessage" allow-html="safe"/>
     </service>
     <service name="setInvoiceStatus" engine="simple"
         location="component://accounting/minilang/invoice/InvoiceServices.xml" 
invoke="setInvoiceStatus">
@@ -117,7 +117,7 @@ under the License.
         <auto-attributes mode="IN" include="pk" optional="false"/>
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
         <override name="invoiceItemSeqId" mode="INOUT" optional="true"/><!-- 
will optionally be assigned by the system -->
-        <override name="description" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="updateInvoiceItem" engine="simple" 
default-entity-name="InvoiceItem"
         location="component://accounting/minilang/invoice/InvoiceServices.xml" 
invoke="updateInvoiceItem">
@@ -125,7 +125,7 @@ under the License.
         <permission-service service-name="acctgInvoicePermissionCheck" 
main-action="UPDATE"/>
         <auto-attributes mode="INOUT" include="pk" optional="false"/>
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
-        <override name="description" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="removeInvoiceItem" engine="simple" 
default-entity-name="InvoiceItem"
         location="component://accounting/minilang/invoice/InvoiceServices.xml" 
invoke="removeInvoiceItem">
@@ -429,7 +429,7 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes entity-name="Content" include="nonpk" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="contentId" optional="true"/>
         <override name="fromDate" optional="true"/>
     </service>
@@ -439,7 +439,7 @@ under the License.
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
         <attribute name="textDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
     <service name="isInvoiceInForeignCurrency" engine="simple"
         location="component://accounting/minilang/invoice/InvoiceServices.xml" 
invoke="isInvoiceInForeignCurrency" auth="true">

Modified: 
ofbiz/branches/release16.11/applications/content/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/content/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/applications/content/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/applications/content/servicedef/services.xml 
Fri May 24 13:57:20 2019
@@ -173,13 +173,13 @@
     <service name="createSimpleTextContent" engine="simple" 
location="component://content/minilang/content/ContentServices.xml" 
invoke="createSimpleTextContent">
         <permission-service service-name="contentManagerPermission" 
main-action="CREATE"/>
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="contentId" mode="INOUT"/>
     </service>
     <service name="updateSimpleTextContent" engine="simple" 
location="component://content/minilang/content/ContentServices.xml" 
invoke="updateSimpleTextContent">
         <permission-service service-name="contentManagerPermission" 
main-action="UPDATE"/>
         <attribute name="textDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
 
     <!-- Util -->
@@ -335,7 +335,7 @@
         <attribute mode="IN" name="forceElectronicText" optional="true" 
type="String"/>
         <attribute mode="IN" name="displayFailCond" optional="true" 
type="Boolean"/>
         <attribute mode="INOUT" name="roleTypeList" optional="true" 
type="List"/>
-        <override name="textData" allow-html="any"/>
+        <override name="textData" allow-html="safe"/>
     </service>
 
     <service name="persistDataResourceAndData" engine="java"
@@ -833,8 +833,8 @@
         <attribute name="statusId" type="String" mode="IN" optional="true"/>
         <attribute name="description" type="String" mode="IN" optional="true"/>
         <attribute name="templateDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="articleData" type="String" mode="IN" optional="true" 
allow-html="none"/>
-        <attribute name="summaryData" type="String" mode="IN" optional="true" 
allow-html="none"/>
+        <attribute name="articleData" type="String" mode="IN" optional="true" 
allow-html="safe"/>
+        <attribute name="summaryData" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
     <service name="updateBlogEntry" engine="simple" auth="true"
         location="component://content/minilang/blog/BlogServices.xml" 
invoke="updateBlogEntry">
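Review bot: `articleData` and `summaryData` move here from `allow-html="none"` to `allow-html="safe"`, which loosens the check for blog entries, while every other hunk in this commit tightens `any` to `safe`; the log entry only describes the tightening. If admitting sanitized markup in blog bodies is intended, record it where a maintainer will find it, e.g. `<!-- blog bodies may carry markup; sanitized by the 'safe' policy (OFBIZ-5254) -->` above the two attributes, or a sentence in the log. The same applies to the updateBlogEntry hunk that follows.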
@@ -849,8 +849,8 @@
         <attribute name="statusId" type="String" mode="IN" optional="true"/>
         <attribute name="description" type="String" mode="IN" optional="true"/>
         <attribute name="templateDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="articleData" type="String" mode="IN" optional="true" 
allow-html="none"/>
-        <attribute name="summaryData" type="String" mode="IN" optional="true" 
allow-html="none"/>
+        <attribute name="articleData" type="String" mode="IN" optional="true" 
allow-html="safe"/>
+        <attribute name="summaryData" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
     <service name="getBlogEntry" engine="simple" auth="true"
         location="component://content/minilang/blog/BlogServices.xml" 
invoke="getBlogEntry">

Modified: 
ofbiz/branches/release16.11/applications/content/servicedef/services_content.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/content/servicedef/services_content.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/content/servicedef/services_content.xml
 (original)
+++ 
ofbiz/branches/release16.11/applications/content/servicedef/services_content.xml
 Fri May 24 13:57:20 2019
@@ -48,8 +48,8 @@
         <attribute name="fromDate" type="Timestamp" mode="INOUT" 
optional="true"/>
         <attribute name="sequenceNum" type="Long" mode="IN" optional="true"/>
         <override name="contentTypeId" default-value="DOCUMENT"/>
-        <override name="contentName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <override name="contentName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
 
     <service name="createTextAndUploadedContent" engine="simple" auth="true"
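Review bot: `contentName` is a short label rather than a body of text, so `allow-html="safe"` still admits markup on a field that plausibly never needs any; `allow-html="none"` would be the least-privilege choice. If `any` was originally set only so that characters such as `&` in a name are not rejected as HTML, that reasoning belongs in a comment, e.g. `<!-- 'safe' rather than 'none': names may legitimately contain '&' -->`. The same question applies to `description` in this hunk, to `dataResourceName` in services_data.xml, `opportunityName` in services_opportunity.xml and `custRequestName` in services_request.xml.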
@@ -132,9 +132,9 @@
         <attribute mode="IN" name="skipPermissionCheck" optional="true" 
type="String"/>
         <attribute mode="IN" name="displayFailCond" optional="true" 
type="Boolean"/>
         <attribute mode="INOUT" name="roleTypeList" optional="true" 
type="List"/>
-        <!-- end of depricated fields -->
-        <override name="contentName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <!-- end of deprecated fields -->
+        <override name="contentName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
 
     <service name="updateTextContent" engine="group" auth="true">

Modified: 
ofbiz/branches/release16.11/applications/content/servicedef/services_data.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/content/servicedef/services_data.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/content/servicedef/services_data.xml 
(original)
+++ 
ofbiz/branches/release16.11/applications/content/servicedef/services_data.xml 
Fri May 24 13:57:20 2019
@@ -37,8 +37,8 @@
         <attribute name="dataResourceId" type="String" mode="OUT" 
optional="false"/>
         <attribute name="dataResource" 
type="org.apache.ofbiz.entity.GenericValue" mode="OUT" optional="true"/>
         <attribute name="uploadedFile" type="java.nio.ByteBuffer" mode="IN" 
optional="true"/>
-        <override name="objectInfo" allow-html="any"/>
-        <override name="dataResourceName" allow-html="any"/>
+        <override name="objectInfo" allow-html="safe"/>
+        <override name="dataResourceName" allow-html="safe"/>
     </service>
     <service name="createDataResourceAndAssocToContent" 
default-entity-name="DataResource" engine="simple"
             location="component://content/minilang/data/DataServices.xml" 
invoke="createDataResourceAndAssocToContent" auth="true">
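Review bot: If `objectInfo` carries a URL or file path for URL- and file-backed data resources (how the DataResource entity is commonly used), routing it through an HTML sanitizer can alter it — for example by entity-encoding `&` in a query string — or reject it, depending on how the 'safe' path in UtilCodec behaves, which is not visible in this excerpt. Before relying on `allow-html="safe"` here, check that the UtilCodecTests hunk covers a URL-shaped value round-tripping unchanged, or use `allow-html="none"` with a comment stating what the field carries. The same override appears in the next hunk of this file.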
@@ -53,8 +53,8 @@
         <permission-service service-name="genericDataResourcePermission" 
main-action="UPDATE"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <attribute name="dataResourceId" type="String" mode="IN" 
optional="false"/>
-        <override name="objectInfo" allow-html="any"/>
-        <override name="dataResourceName" allow-html="any"/>
+        <override name="objectInfo" allow-html="safe"/>
+        <override name="dataResourceName" allow-html="safe"/>
     </service>
     <service name="removeDataResource" engine="entity-auto" 
default-entity-name="DataResource" auth="true" invoke="delete">
         <description>Remove DataResource</description>
@@ -83,7 +83,7 @@
         <description>Create a DataResource and, possibly, ElectronicText or 
ImageDataResource</description>
         <auto-attributes include="pk" mode="INOUT" optional="true"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <attribute name="textData" mode="IN" optional="true" type="String" 
allow-html="any"/>
+        <attribute name="textData" mode="IN" optional="true" type="String" 
allow-html="safe"/>
         <attribute name="targetOperationList" type="List" mode="IN" 
optional="true"/>
         <attribute name="contentPurposeList" type="List" mode="IN" 
optional="true"/>
         <attribute name="skipPermissionCheck" type="String" mode="IN" 
optional="true"/>
@@ -93,7 +93,7 @@
         <description>Create a DataResource and, possibly, ElectronicText or 
ImageDataResource</description>
         <auto-attributes include="pk" mode="IN" optional="true"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <attribute name="textData" mode="IN" type="String" optional="true"  
allow-html="any"/>
+        <attribute name="textData" mode="IN" type="String" optional="true"  
allow-html="safe"/>
         <attribute name="targetOperationList" type="List" mode="IN" 
optional="true"/>
         <attribute name="contentPurposeList" type="List" mode="IN" 
optional="true"/>
         <attribute name="skipPermissionCheck" type="String" mode="IN" 
optional="true"/>
@@ -107,7 +107,7 @@
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="dataResourceTypeId" default-value="ELECTRONIC_TEXT"/>
-        <override name="textData" allow-html="any"/>
+        <override name="textData" allow-html="safe"/>
     </service>
     <service name="updateElectronicText" default-entity-name="ElectronicText" 
engine="entity-auto" invoke="update" auth="true">
         <description>Update a ElectronicText</description>
@@ -115,7 +115,7 @@
         <auto-attributes include="pk" mode="INOUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <attribute name="contentId" mode="INOUT" optional="true" 
type="String"/><!-- to optionaly know where this text is belonging to -->
-        <override name="textData" allow-html="any"/>
+        <override name="textData" allow-html="safe"/>
     </service>
     <service name="removeElectronicText" default-entity-name="ElectronicText" 
engine="entity-auto" invoke="delete" auth="true">
         <description>Remove ElectronicText</description>

Modified: 
ofbiz/branches/release16.11/applications/marketing/servicedef/services_opportunity.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/marketing/servicedef/services_opportunity.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/marketing/servicedef/services_opportunity.xml
 (original)
+++ 
ofbiz/branches/release16.11/applications/marketing/servicedef/services_opportunity.xml
 Fri May 24 13:57:20 2019
@@ -72,9 +72,9 @@ under the License.
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
         <attribute name="accountPartyId" mode="IN" type="String" 
optional="true"/>
         <attribute name="leadPartyId" mode="IN" type="String" optional="true"/>
-        <override name="opportunityName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
-        <override name="nextStep" allow-html="any"/>
+        <override name="opportunityName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
+        <override name="nextStep" allow-html="safe"/>
     </service>
     <service name="updateSalesOpportunity" 
default-entity-name="SalesOpportunity" engine="entity-auto" invoke="update">
         <description>Update an sales opportunity</description>
@@ -82,9 +82,9 @@ under the License.
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
         <attribute name="accountPartyId" mode="IN" type="String" 
optional="true"/>
         <attribute name="leadPartyId" mode="IN" type="String" optional="true"/>
-        <override name="opportunityName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
-        <override name="nextStep" allow-html="any"/>
+        <override name="opportunityName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
+        <override name="nextStep" allow-html="safe"/>
     </service>
     <service name="createSalesOpportunityRole" 
default-entity-name="SalesOpportunityRole" engine="entity-auto" invoke="create">
         <description>Create sales opportunity role</description>

Modified: ofbiz/branches/release16.11/applications/order/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/order/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/applications/order/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/applications/order/servicedef/services.xml Fri 
May 24 13:57:20 2019
@@ -435,7 +435,7 @@ under the License.
             location="org.apache.ofbiz.order.order.OrderServices" 
invoke="createOrderNote" auth="true">
         <description>Create a note item and associate with a order 
header</description>
         <attribute name="orderId" type="String" mode="IN"/>
-        <attribute name="note" type="String" mode="IN" allow-html="any"/>
+        <attribute name="note" type="String" mode="IN" allow-html="safe"/>
         <attribute name="internalNote" type="String" mode="IN"/>
         <attribute name="noteName" type="String" mode="IN" optional="true"/>
     </service>

Modified: 
ofbiz/branches/release16.11/applications/order/servicedef/services_quote.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/order/servicedef/services_quote.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/order/servicedef/services_quote.xml 
(original)
+++ 
ofbiz/branches/release16.11/applications/order/servicedef/services_quote.xml 
Fri May 24 13:57:20 2019
@@ -276,7 +276,7 @@ under the License.
             location="component://order/minilang/quote/QuoteServices.xml" 
invoke="createQuoteNote" auth="true">
         <description>Create a note item and associate with a 
quote</description>
         <attribute name="quoteId" type="String" mode="IN"/>
-        <attribute name="noteInfo" type="String" mode="IN" allow-html="any"/>
+        <attribute name="noteInfo" type="String" mode="IN" allow-html="safe"/>
         <attribute name="noteName" type="String" mode="IN" optional="true"/>
     </service>
 

Modified: 
ofbiz/branches/release16.11/applications/order/servicedef/services_request.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/order/servicedef/services_request.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/order/servicedef/services_request.xml 
(original)
+++ 
ofbiz/branches/release16.11/applications/order/servicedef/services_request.xml 
Fri May 24 13:57:20 2019
@@ -42,9 +42,9 @@ under the License.
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes include="all" mode="IN" entity-name="CustRequestItem" 
optional="true"/>
         <attribute name="webSiteId" type="String" mode="IN" 
optional="true"/><!-- for notification services -->
-        <override name="custRequestName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
-        <override name="story" allow-html="any"/>
+        <override name="custRequestName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
+        <override name="story" allow-html="safe"/>
     </service>
     <service name="updateCustRequest" engine="simple" 
default-entity-name="CustRequest"
             
location="component://order/minilang/request/CustRequestServices.xml" 
invoke="updateCustRequest" auth="true">
@@ -52,10 +52,10 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <attribute name="oldStatusId" type="String" mode="OUT"/>
-        <attribute name="story" mode="IN" type="String" optional="true" 
allow-html="any"/>
+        <attribute name="story" mode="IN" type="String" optional="true" 
allow-html="safe"/>
         <attribute name="webSiteId" type="String" mode="IN" 
optional="true"/><!-- for notification services -->
-        <override name="custRequestName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <override name="custRequestName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
 
     <service name="deleteCustRequest" engine="simple" 
default-entity-name="CustRequest"
@@ -86,16 +86,16 @@ under the License.
         <auto-attributes include="pk" mode="INOUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="custRequestItemSeqId" optional="true"/>
-        <override name="story" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <override name="story" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="updateCustRequestItem" engine="simple" 
default-entity-name="CustRequestItem"
             
location="component://order/minilang/request/CustRequestServices.xml" 
invoke="updateCustRequestItem" auth="true">
         <description>Update a CustRequestItem record</description>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="story" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <override name="story" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="copyCustRequestItem" default-entity-name="CustRequestItem" 
engine="simple"
                 
location="component://order/minilang/request/CustRequestServices.xml" 
invoke="copyCustRequestItem" auth="true">
@@ -134,7 +134,7 @@ under the License.
             
location="component://order/minilang/request/CustRequestServices.xml" 
invoke="createCustRequestNote" auth="true">
         <description>Create a note for a CustRequest</description>
         <attribute name="custRequestId" type="String" mode="IN" 
optional="false"/>
-        <attribute name="noteInfo" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="noteInfo" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <attribute name="noteId" type="String" mode="OUT" optional="false"/>
         <attribute name="fromPartyId" type="String" mode="OUT" 
optional="true"/><!-- party to be notified -->
         <attribute name="custRequestName" type="String" mode="OUT" 
optional="true"/><!-- for notification services -->
@@ -143,7 +143,7 @@ under the License.
             
location="component://order/minilang/request/CustRequestServices.xml" 
invoke="updateCustRequestNote" auth="true">
         <description>Update CustRequest Note</description>
         <attribute name="custRequestId" type="String" mode="IN" 
optional="false"/>
-        <attribute name="noteId" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="noteId" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <attribute name="noteInfo" type="String" mode="IN" optional="true"/>
     </service>
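Review bot: The `allow-html="safe"` marker in the updateCustRequestNote service sits on `noteId`, an identifier, while `noteInfo` on the following line — the attribute that actually carries free text — has no `allow-html` at all and so presumably stays under the default strict check. That looks like a carried-over copy-paste slip rather than an intentional policy, and it means the sanitizer is relaxed for a field that should never contain markup. If the intent is to accept safe HTML in the note body, the marker belongs on the text field, `<attribute name="noteInfo" type="String" mode="IN" optional="true" allow-html="safe"/>`, and `noteId` should drop it; createCustRequestNote two hunks earlier, where `noteInfo` carries the marker, is the reference to confirm against.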
     <service name="createCustRequestItemNote" engine="simple"
@@ -151,7 +151,7 @@ under the License.
         <description>Create a note for a CustRequestItem</description>
         <attribute name="custRequestId" type="String" mode="IN" 
optional="false"/>
         <attribute name="custRequestItemSeqId" type="String" mode="IN" 
optional="false"/>
-        <attribute name="note" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="note" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <attribute name="noteId" type="String" mode="OUT" optional="false"/>
         <attribute name="partyId" type="String" mode="INOUT" 
optional="true"/><!-- party who created the note -->
         <attribute name="fromPartyId" type="String" mode="OUT" 
optional="true"/><!-- party to be notified -->
@@ -183,7 +183,7 @@ under the License.
         <description>Set the Customer Request  Status</description>
         <attribute name="custRequestId" type="String" mode="INOUT" 
optional="false"/>
         <attribute name="statusId" type="String" mode="IN" optional="false"/>
-        <attribute name="reason" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="reason" type="String" mode="IN" optional="true" 
allow-html="safe"/>
         <attribute name="oldStatusId" type="String" mode="OUT" 
optional="true"/>
         <attribute name="fromPartyId" type="String" mode="OUT" 
optional="true"/><!-- for notification services -->
         <attribute name="custRequestName" type="String" mode="OUT" 
optional="true"/><!-- for notification services -->
@@ -197,8 +197,8 @@ under the License.
         <attribute name="custRequestId" mode="IN" type="String" 
optional="true"/>
         <attribute name="custRequestId" mode="OUT" type="String" 
optional="false"/>
         <attribute name="custRequestTypeId" mode="IN" type="String" 
optional="true"/>
-        <attribute name="custRequestName" mode="IN" type="String" 
optional="true" allow-html="any"/>
-        <attribute name="story" mode="IN" type="String" optional="true" 
allow-html="any"/>
+        <attribute name="custRequestName" mode="IN" type="String" 
optional="true" allow-html="safe"/>
+        <attribute name="story" mode="IN" type="String" optional="true" 
allow-html="safe"/>
         <override name="content" allow-html="any"/>
     </service>
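Review bot: The `content` override on the last line of this hunk keeps `allow-html="any"` while the neighbouring `custRequestName` and `story` attributes move to `safe`, and the party services.xml hunks at @@ -753 and @@ -777 show the same pattern (`headerString`, `content` and `messageId` stay `any`, only `subject` becomes `safe`). If that is deliberate — for instance because the raw body of an email must be stored verbatim — a short XML comment beside each remaining `any` would stop the next reader from filing it as an oversight, e.g. `<!-- allow-html="any" kept on purpose: raw message content; sanitize at render time -->`. If it is not deliberate, these are the remaining unsanitized inputs in the files this change touches and deserve the same review the other fields received.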
 

Modified: ofbiz/branches/release16.11/applications/party/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/party/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/applications/party/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/applications/party/servicedef/services.xml Fri 
May 24 13:57:20 2019
@@ -119,7 +119,7 @@ under the License.
         <attribute name="externalId" type="String" mode="IN" optional="true"/>
         <attribute name="statusId" type="String" mode="IN" optional="true"/>
         <override name="groupName" optional="false"/>
-        <override name="comments" allow-html="any"/>
+        <override name="comments" allow-html="safe"/>
     </service>
     <service name="updatePartyGroup" engine="java" 
default-entity-name="PartyGroup"
             location="org.apache.ofbiz.party.party.PartyServices" 
invoke="updatePartyGroup" auth="true">
@@ -132,7 +132,7 @@ under the License.
         <attribute name="preferredCurrencyUomId" type="String" mode="IN" 
optional="true"/>
         <attribute name="externalId" type="String" mode="IN" optional="true"/>
         <attribute name="statusId" type="String" mode="IN" optional="true"/>
-        <override name="comments" allow-html="any"/>
+        <override name="comments" allow-html="safe"/>
     </service>
 
     <service name="savePartyNameChange" engine="simple"
@@ -373,7 +373,7 @@ under the License.
         <description>create a company/contact relationship and add the related 
roles</description>
         <attribute name="accountPartyId" type="String" mode="IN"/>
         <attribute name="contactPartyId" type="String" mode="IN"/>
-        <attribute name="comments" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="comments" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
 
     <!-- ContactMech services -->
@@ -753,7 +753,7 @@ under the License.
         <override name="headerString" allow-html="any"/>
         <override name="content" allow-html="any"/>
         <override name="messageId" allow-html="any"/>
-        <override name="subject" allow-html="any"/>
+        <override name="subject" allow-html="safe"/>
     </service>
     <service name="createCommunicationEvent" engine="simple"
             
location="component://party/minilang/communication/CommunicationEventServices.xml"
 invoke="createCommunicationEventWithPermission" auth="true">
@@ -777,7 +777,7 @@ under the License.
         <attribute name="oldStatusId" type="String" mode="OUT" 
optional="true"/>
         <override name="messageId" allow-html="any"/>
         <override name="content" allow-html="any"/>
-        <override name="subject" allow-html="any"/>
+        <override name="subject" allow-html="safe"/>
     </service>
     <service name="deleteCommunicationEvent" engine="simple"
         
location="component://party/minilang/communication/CommunicationEventServices.xml"
 invoke="deleteCommunicationEvent" auth="true">

Modified: 
ofbiz/branches/release16.11/applications/product/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/product/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/applications/product/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/applications/product/servicedef/services.xml 
Fri May 24 13:57:20 2019
@@ -34,8 +34,8 @@ under the License.
             <exclude field-name="lastModifiedDate"/>
             <exclude field-name="lastModifiedByUserLogin"/>
         </auto-attributes>
-        <override name="description" allow-html="any"/>
-        <override name="longDescription" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
+        <override name="longDescription" allow-html="safe"/>
     </service>
     <service name="createProduct" default-entity-name="Product" engine="simple"
                 
location="component://product/minilang/product/product/ProductServices.xml" 
invoke="createProduct" auth="true">
@@ -70,8 +70,8 @@ under the License.
         <attribute name="oldProductId" type="String" mode="IN" 
optional="false"/>
         <attribute name="newInternalName" type="String" mode="IN" 
optional="true"/>
         <attribute name="newProductName" type="String" mode="IN" 
optional="true"/>
-        <attribute name="newDescription" type="String" mode="IN" 
optional="true" allow-html="any"/>
-        <attribute name="newLongDescription" type="String" mode="IN" 
optional="true" allow-html="any"/>
+        <attribute name="newDescription" type="String" mode="IN" 
optional="true" allow-html="safe"/>
+        <attribute name="newLongDescription" type="String" mode="IN" 
optional="true" allow-html="safe"/>
         <attribute name="duplicatePrices" type="String" mode="IN" 
optional="true"/>
         <attribute name="duplicateIDs" type="String" mode="IN" 
optional="true"/>
         <attribute name="duplicateContent" type="String" mode="IN" 
optional="true"/>
@@ -387,7 +387,7 @@ under the License.
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
         <attribute name="subject" type="String" mode="IN" optional="false"/>
         <attribute name="plainBody" type="String" mode="IN" optional="false"/>
-        <attribute name="htmlBody" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="htmlBody" type="String" mode="IN" optional="true" 
allow-html="safe"/>
         <override name="contentId" optional="true" mode="INOUT"/>
     </service>
     <service name="updateEmailContentForProduct" 
default-entity-name="ProductContent" engine="simple"
@@ -400,7 +400,7 @@ under the License.
         <attribute name="plainBodyDataResourceId" type="String" mode="IN" 
optional="true"/>
         <attribute name="plainBody" type="String" mode="IN" optional="true"/>
         <attribute name="htmlBodyDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="htmlBody" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="htmlBody" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
     <service name="createDownloadContentForProduct" 
default-entity-name="ProductContent" engine="simple"
         
location="component://product/minilang/product/product/ProductContentServices.xml"
 invoke="createDownloadContentForProduct" auth="true">
@@ -426,7 +426,7 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes entity-name="Content" include="nonpk" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="contentId" optional="true"/>
         <override name="fromDate" optional="true"/>
     </service>
@@ -436,13 +436,13 @@ under the License.
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
         <attribute name="textDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
 
     <service name="createSimpleTextContentForAlternateLocale" engine="simple" 
location="component://product/minilang/product/product/ProductContentServices.xml"
 invoke="createSimpleTextContentForAlternateLocale">
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
         <attribute name="mainContentId" type="String" mode="IN" 
optional="false"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="localeString" optional="false"/>
         <override name="contentId" mode="INOUT"/>
     </service>
@@ -942,7 +942,7 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes entity-name="Content" include="nonpk" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="contentId" optional="true"/>
         <override name="fromDate" optional="true"/>
     </service>
@@ -952,7 +952,7 @@ under the License.
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes entity-name="Content" include="nonpk" mode="IN" 
optional="true"/>
         <attribute name="textDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
 
     <service name="updateContentSEOForCategory" engine="simple"
@@ -1175,7 +1175,7 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="true"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="false" 
allow-html="safe"/>
         <override name="contentId" optional="true"/>
     </service>
     <service name="updateSimpleTextContentForProductConfigItem" 
default-entity-name="ProdConfItemContent" engine="simple"
@@ -1184,7 +1184,7 @@ under the License.
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes mode="IN" entity-name="Content" optional="true"/>
         <attribute name="textDataResourceId" type="String" mode="IN" 
optional="true"/>
-        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="text" type="String" mode="IN" optional="true" 
allow-html="safe"/>
     </service>
     <service name="getProductFeaturesByType" engine="java"
             location="org.apache.ofbiz.product.feature.ProductFeatureServices" 
invoke="getProductFeaturesByType">

Modified: 
ofbiz/branches/release16.11/applications/product/servicedef/services_pricepromo.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/product/servicedef/services_pricepromo.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/applications/product/servicedef/services_pricepromo.xml
 (original)
+++ 
ofbiz/branches/release16.11/applications/product/servicedef/services_pricepromo.xml
 Fri May 24 13:57:20 2019
@@ -132,7 +132,7 @@ under the License.
         <auto-attributes include="pk" mode="OUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="promoName" optional="false"/>
-        <override name="promoText" allow-html="any"/>
+        <override name="promoText" allow-html="safe"/>
         <override name="userEntered" default-value="Y"/>
     </service>
     <service name="updateProductPromo" default-entity-name="ProductPromo" 
engine="entity-auto" invoke="update" auth="true">
@@ -140,7 +140,7 @@ under the License.
         <permission-service service-name="productPriceGenericPermission" 
main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="promoText" allow-html="any"/>
+        <override name="promoText" allow-html="safe"/>
         <override name="userEntered" default-value="Y"/>
     </service>
     <service name="deleteProductPromo" default-entity-name="ProductPromo" 
engine="entity-auto" invoke="delete" auth="true">

Modified: 
ofbiz/branches/release16.11/applications/workeffort/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/applications/workeffort/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/applications/workeffort/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/applications/workeffort/servicedef/services.xml 
Fri May 24 13:57:20 2019
@@ -35,8 +35,8 @@ under the License.
             <exclude field-name="lastModifiedDate"/>
             <exclude field-name="lastModifiedByUserLogin"/>
         </auto-attributes>
-        <override name="workEffortName" allow-html="any"/>
-        <override name="description" allow-html="any"/>
+        <override name="workEffortName" allow-html="safe"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="createWorkEffort" default-entity-name="WorkEffort" 
engine="simple"
         
location="component://workeffort/minilang/workeffort/WorkEffortSimpleServices.xml"
 invoke="createWorkEffort">
@@ -50,9 +50,9 @@ under the License.
         <attribute name="communicationEventId" type="String" mode="IN" 
optional="true"/>
         <attribute name="webSiteId" type="String" mode="IN" 
optional="true"/><!-- for notification services -->
         <override name="workEffortTypeId" optional="false"/>
-        <override name="workEffortName" optional="false" allow-html="any"/>
+        <override name="workEffortName" optional="false" allow-html="safe"/>
         <override name="currentStatusId" optional="false"/>
-        <override name="description" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="createWorkEffortAndPartyAssign" 
default-entity-name="WorkEffort" engine="simple"
         
location="component://workeffort/minilang/workeffort/WorkEffortSimpleServices.xml"
 invoke="createWorkEffortAndPartyAssign">
@@ -449,7 +449,7 @@ under the License.
                 <fail-property resource="WorkEffortUiLabels" 
property="WorkEffortRequiredFieldMissingCustRequestId"/>
             </type-validate>
         </override>
-        <override name="description" allow-html="any"/>
+        <override name="description" allow-html="safe"/>
     </service>
     <service name="deleteWorkEffortRequest" engine="entity-auto" 
default-entity-name="CustRequestWorkEffort" invoke="delete" auth="true">
         <description>Deletes a CustRequestWorkEffort</description>

Modified: ofbiz/branches/release16.11/framework/base/config/owasp.properties
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/base/config/owasp.properties?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/base/config/owasp.properties 
(original)
+++ ofbiz/branches/release16.11/framework/base/config/owasp.properties Fri May 
24 13:57:20 2019
@@ -24,10 +24,14 @@
 # By default we use a permissive sanitizer policy
 # This has a slight impact on the code rendered, see last comments in 
OFBIZ-6669. 
 # Given as an example based on rendering cmssite, as it was before using the 
sanitizer.
-# You might even want to adapt the PERMISSIVE_POLICY to your needs. 
+# You might want to adapt the PERMISSIVE_POLICY to your needs. 
 # Be sure to check 
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before...
-
-# Use sanitizer.permissive.policy=CUSTOM to use your custom PolicyFactory
 sanitizer.enable=true
+
+# Use sanitizer.permissive.policy=CUSTOM to use your custom permissive 
PolicyFactory (see OFBIZ-10187)
 sanitizer.permissive.policy=DEFAULT
-sanitizer.custom.policy.class=org.apache.ofbiz.base.html.CustomPermissivePolicy
\ No newline at end of file
+sanitizer.custom.permissive.policy.class=org.apache.ofbiz.base.html.CustomPermissivePolicy
+
+# Use sanitizer.safe.policy=CUSTOM to use your custom safe PolicyFactory (see 
OFBIZ-5254)
+sanitizer.safe.policy=DEFAULT
+sanitizer.custom.safe.policy.class=org.apache.ofbiz.base.html.CustomSafePolicy
\ No newline at end of file
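Review bot: Renaming `sanitizer.custom.policy.class` to `sanitizer.custom.permissive.policy.class` without a compatibility path means a deployment that already set `sanitizer.permissive.policy=CUSTOM` with the old key will presumably stop finding its class after this upgrade; the UtilCodec hunk at @@ -124 reads only the new key, and its catch block logs an error and falls back to the default permissive policy. A silent downgrade of a site's hardening policy deserves more than a log line, and at minimum the rename should be recorded here: `# NOTE: sanitizer.custom.policy.class was renamed to sanitizer.custom.permissive.policy.class (OFBIZ-5254); the old key is no longer read`. It would also help operators if the new `sanitizer.safe.policy` comment said which fields the safe policy presumably governs (those marked `allow-html="safe"`) and pointed at CustomSafePolicy as the reference for what DEFAULT permits.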

Modified: 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
 (original)
+++ 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
 Fri May 24 13:57:20 2019
@@ -29,6 +29,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -103,8 +104,8 @@ public class UtilCodec {
          * This method will start a configurable sanitizing process. The 
sanitizer can
          * be turns off through "sanitizer.enable=false", the default value is 
true. It
          * is possible to configure a custom policy using the properties
-         * "sanitizer.permissive.policy" and "sanitizer.custom.policy.class". 
The custom
-         * policy has to implement
+         * "sanitizer.permissive.policy" and 
"sanitizer.custom.permissive.policy.class". 
+         * The custom policy has to implement
          * {@link org.apache.ofbiz.base.html.SanitizerCustomPolicy}.
          *
          * @param original
@@ -124,7 +125,7 @@ public class UtilCodec {
                     PolicyFactory policy = null;
                     try {
                         Class<?> customPolicyClass = 
Class.forName(UtilProperties.getPropertyValue("owasp",
-                                "sanitizer.custom.policy.class"));
+                                "sanitizer.custom.permissive.policy.class"));
                         Object obj = customPolicyClass.newInstance();
                         if 
(SanitizerCustomPolicy.class.isAssignableFrom(customPolicyClass)) {
                             Method meth = 
customPolicyClass.getMethod("getSanitizerPolicy");
@@ -134,7 +135,7 @@ public class UtilCodec {
                             | InvocationTargetException | 
NoSuchMethodException | SecurityException
                             | InstantiationException e) {
                         // Just logging the error and falling back to default 
policy
-                        Debug.logError(e, "Could not find custom sanitizer 
policy. Using default instead", module);
+                        Debug.logError(e, "Could not find custom permissive 
sanitizer policy. Using default instead", module);
                     }
 
                     if (policy != null) {
@@ -300,38 +301,67 @@ public class UtilCodec {
 
     /**
      * Uses a black-list approach for necessary characters for HTML.
-     * Does not allow various characters (after canonicalization), including 
"<", ">", "&" (if not followed by a space), and "%" (if not followed by a 
space).
+     * Does not allow various characters (after canonicalization), including
+     * "&lt;", "&gt;", "&amp;" and "%" (if not followed by a space).
+     * 
+     * Also does not allow js events as in OFBIZ-10054
      *
-     * @param value
-     * @param errorMessageList
+     * @param valueName field name checked
+     * @param value value checked
+     * @param errorMessageList an empty list passed by and modified in case of 
issues
+     * @param locale
      */
-    public static String checkStringForHtmlStrictNone(String valueName, String 
value, List<String> errorMessageList) {
+    public static String checkStringForHtmlStrictNone(String valueName, String 
value, List<String> errorMessageList, 
+            Locale locale) {
         if (UtilValidate.isEmpty(value)) return value;
+        
 
         // canonicalize, strict (error on double-encoding)
         try {
             value = canonicalize(value, true);
         } catch (IntrusionException e) {
             // NOTE: using different log and user targeted error messages to 
allow the end-user message to be less technical
-            Debug.logError("Canonicalization (format consistency, character 
escaping that is mixed or double, etc) error for attribute named [" + valueName 
+ "], String [" + value + "]: " + e.toString(), module);
-            errorMessageList.add("In field [" + valueName + "] found character 
escaping (mixed or double) that is not allowed or other format consistency 
error: " + e.toString());
+            Debug.logError("Canonicalization (format consistency, character 
escaping that is mixed or double, etc) "
+                    + "error for attribute named [" + valueName + "], String 
[" + value + "]: " + e.toString(), module);
+            String issueMsg = null;
+            if (locale.equals(new Locale("test"))) { // labels are not 
available in testClasses Gradle task
+                issueMsg = "In field [" + valueName + "] found character 
escaping (mixed or double) "
+                        + "that is not allowed or other format consistency 
error: ";
+            } else {
+                issueMsg = 
UtilProperties.getMessage("SecurityUiLabels","PolicyNoneMixedOrDouble", 
+                        UtilMisc.toMap("valueName", valueName), locale);
+            }
+            errorMessageList.add(issueMsg + e.toString());
         }
 
         // check for "<", ">"
         if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) {
-            errorMessageList.add("In field [" + valueName + "] less-than (<) 
and greater-than (>) symbols are not allowed.");
+            String issueMsg = null;
+            if (locale.equals(new Locale("test"))) {
+                issueMsg = "In field [" + valueName + "] less-than (<) and 
greater-than (>) symbols are not allowed.";
+            } else {
+                issueMsg = 
UtilProperties.getMessage("SecurityUiLabels","PolicyNoneLess-thanGreater-than", 
+                        UtilMisc.toMap("valueName", valueName), locale);
+            }
+            errorMessageList.add(issueMsg);
         }
         
         // check for js events
-        final String onEvent = "on" + StringUtils.substringBetween(value, " 
on", "=");
-        final boolean seekSegmentTime = value.contains("seekSegmentTime");
-        if (null != onEvent || seekSegmentTime) {
-            if (jsEventList.stream().anyMatch(str -> 
StringUtils.containsIgnoreCase(str, onEvent)) || seekSegmentTime) {
-                errorMessageList.add("In field [" + valueName + "] js events 
are not allowed.");
+        String onEvent = "on" + StringUtils.substringBetween(value, " on", 
"=");
+        if (jsEventList.stream().anyMatch(str -> 
StringUtils.containsIgnoreCase(str, onEvent)) 
+                || value.contains("seekSegmentTime")) {
+            String issueMsg = null;
+            if (locale.equals(new Locale("test"))) {
+                issueMsg = "In field [" + valueName + "] Javascript events are 
not allowed.";
+            } else {
+                issueMsg = 
UtilProperties.getMessage("SecurityUiLabels","PolicyNoneJsEvents", 
+                        UtilMisc.toMap("valueName", valueName), locale);
             }
+            errorMessageList.add(issueMsg);
         }
 
         // TODO: anything else to check for that can be used to get HTML or 
JavaScript going without these characters?
+        //
         // Another would be 
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#US-ASCII_encoding
         // But all our Tomcat connectors use UTF-8
         // We don't care about Flash now rather deprecated
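Review bot: `locale.equals(new Locale("test"))`, repeated in all three error branches, throws NullPointerException when a caller passes a null locale, so a validation failure would surface as an uncaught exception on the request path instead of an entry in errorMessageList; computing it once, null-safely, at the top — `boolean testLocale = new Locale("test").equals(locale);` — and branching on that fixes both the NPE and the triplication. `checkStringForHtmlStrictNone` is public static and the added `Locale` parameter changes its signature with no delegating overload, so every caller not in this diff must be updated or a three-argument overload passing a default locale kept for them. The js-event scan builds `"on" + StringUtils.substringBetween(value, " on", "=")`, which yields the literal `"onnull"` when nothing matches and is then searched against jsEventList; it is a heuristic layered on the `<`/`>` rejection above rather than a parser, and a null guard before the concatenation would make that intent explicit. The `@param locale` Javadoc tag is left empty. The method's closing lines fall in the next hunk.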
@@ -341,7 +371,59 @@ public class UtilCodec {
     }
 
     /**
-     * A simple Map wrapper class that will do HTML encoding. To be used for 
passing a Map to something that will expand Strings with it as a context, etc.
+     * This method check if the input is safe HTML.
+     * It is possible to configure a safe policy using the properties
+     * "sanitizer.safe.policy" and "sanitizer.custom.safe.policy.class". 
+     * The safe policy has to implement
+     * {@link org.apache.ofbiz.base.html.SanitizerCustomPolicy}.
+     *
+     * @param valueName field name checked
+     * @param value value checked
+     * @param errorMessageList an empty list passed by and modified in case of 
issues
+     * @param locale
+     */
+    public static String checkStringForHtmlSafe(String valueName, String 
value, List<String> errorMessageList, 
+            Locale locale) {
+        PolicyFactory policy = null;
+        try {
+            Class<?> customPolicyClass = null;
+            if (locale.equals(new Locale("test"))) {
+                customPolicyClass = 
Class.forName("org.apache.ofbiz.base.html.CustomSafePolicy");
+            } else {
+            customPolicyClass = 
Class.forName(UtilProperties.getPropertyValue("owasp",
+                    "sanitizer.custom.safe.policy.class"));
+            }
+            Object obj = customPolicyClass.newInstance();
+            if 
(SanitizerCustomPolicy.class.isAssignableFrom(customPolicyClass)) {
+                Method meth = 
customPolicyClass.getMethod("getSanitizerPolicy");
+                policy = (PolicyFactory) meth.invoke(obj);
+            }
+        } catch (ClassNotFoundException | IllegalAccessException | 
IllegalArgumentException
+                | InvocationTargetException | NoSuchMethodException | 
SecurityException
+                | InstantiationException e) {
+            Debug.logError(e, "Could not find custom safe sanitizer policy. 
Using default instead."
+                    + "Beware: the result is not rightly checked!", module);
+        }
+
+        String filtered = policy.sanitize(value);
+        if (!value.equals(filtered)) {
+            String issueMsg = null;
+            if (locale.equals(new Locale("test"))) {
+                issueMsg = "In field [" + valueName + "] by our input policy, 
your input has not been accepted "
+                        + "for security reason. Please check and modify 
accordingly, thanks.";
+            } else {
+                issueMsg = 
UtilProperties.getMessage("SecurityUiLabels","PolicySafe", 
+                        UtilMisc.toMap("valueName", valueName), locale);
+            }
+            errorMessageList.add(issueMsg);
+        }
+        
+        return value;
+    }
+    
+    /**
+     * A simple Map wrapper class that will do HTML encoding. 
+     * To be used for passing a Map to something that will expand Strings with 
it as a context, etc.
      */
     public static class HtmlEncodingMapWrapper<K> implements Map<K, Object> {
         public static <K> HtmlEncodingMapWrapper<K> 
getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder encoder) {
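Review bot: When the class named by `sanitizer.custom.safe.policy.class` cannot be loaded or instantiated, or does not implement SanitizerCustomPolicy, `policy` stays null and `policy.sanitize(value)` at the line after the catch throws a NullPointerException, while the logged message claims a default is used although nothing in this method installs one. Since this is the only gate on `allow-html="safe"` input it should fail closed rather than crash: after the try/catch add `if (policy == null) { errorMessageList.add("In field [" + valueName + "] no safe HTML policy is available, input rejected."); return value; }` (ideally through a SecurityUiLabels key) and drop the misleading "Using default instead" text. `customPolicyClass.newInstance()` also runs before the `isAssignableFrom` check, so whatever class the property names is instantiated even when it is then ignored; do the assignability check first. The javadoc mentions a `sanitizer.safe.policy` property the code never reads, and lacks an `@return` for the value it hands back unchanged.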

Modified: 
ofbiz/branches/release16.11/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
 (original)
+++ 
ofbiz/branches/release16.11/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
 Fri May 24 13:57:20 2019
@@ -20,6 +20,8 @@ package org.apache.ofbiz.base.util;
 
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
+
 import java.util.ArrayList;
 import org.junit.Test;
 import static org.junit.Assert.*;
@@ -37,7 +39,7 @@ public class UtilCodecTests {
     public void checkStringForHtmlStrictNoneDetectsXSS() {
         String xssVector = "&lt;script&gtalert(\"XSS 
vector\");&lt;/script&gt;";
         List<String> errorList = new ArrayList<>();
-        String canonicalizedXssVector = 
UtilCodec.checkStringForHtmlStrictNone("fieldName", xssVector, errorList);
+        String canonicalizedXssVector = 
UtilCodec.checkStringForHtmlStrictNone("fieldName", xssVector, errorList, new 
Locale("test"));
         assertEquals("<script>alert(\"XSS vector\");</script>", 
canonicalizedXssVector);
         assertEquals(1, errorList.size());
         assertEquals("In field [fieldName] less-than (<) and greater-than (>) 
symbols are not allowed.", errorList.get(0));
@@ -67,6 +69,7 @@ public class UtilCodecTests {
         // jacopoc: temporarily commented because this test is failing after 
the upgrade of owasp-esapi (still investigating)
         //checkStringForHtmlStrictNone_test("double-ampersand", "f\";oo", 
"f%26quot%3boo");
         checkStringForHtmlStrictNone_test("double-encoding", "%2%353Cscript", 
"%2%353Cscript", "In field [double-encoding] found character escaping (mixed or 
double) that is not allowed or other format consistency error: 
org.apache.ofbiz.base.util.UtilCodec$IntrusionException: Input validation 
failure");
+        checkStringForHtmlStrictNone_test("js_event", "non_existent.foo\" 
onerror=\"alert('Hi!');", "non_existent.foo\" onerror=\"alert('Hi!');", "In 
field [js_event] Javascript events are not allowed.");
     }
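Review bot: The new js_event case only covers the one shape the detector appears to key on, a literal `" on"` followed later by `=` (see the `substringBetween(value, " on", "=")` line in the companion UtilCodec hunk), so it does not exercise variants that look like they slip past it: `"/onerror=`, a tab or newline before `onerror`, or `onerror =` with whitespace before the equals sign. Adding one such case, e.g. `checkStringForHtmlStrictNone_test("js_event_tab", "x\"\tonerror=\"alert(1)\"", "x\"\tonerror=\"alert(1)\"", "In field [js_event_tab] Javascript events are not allowed.");`, would document the intended coverage and surface the gap if the detector is not broadened. The expected text here is tied to the `new Locale("test")` branch, which is a production code path selected by the caller's locale rather than a test seam; a short comment saying so would keep the fixture from being mistaken for the real user-facing message.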
 
     private static void encoderTest(String label, UtilCodec.SimpleEncoder 
encoder, String wanted, String toEncode) {
@@ -75,8 +78,21 @@ public class UtilCodecTests {
     }
     private static void checkStringForHtmlStrictNone_test(String label, String 
fixed, String input, String... wantedMessages) {
         List<String> gottenMessages = new ArrayList<String>();
-        assertEquals(label, fixed, 
UtilCodec.checkStringForHtmlStrictNone(label, input, gottenMessages));
+        assertEquals(label, fixed, 
UtilCodec.checkStringForHtmlStrictNone(label, input, gottenMessages, new 
Locale("test")));
         assertEquals(label, Arrays.asList(wantedMessages), gottenMessages);
     }
+    
+    @Test
+    public void testCheckStringForHtmlSafe() {
+        String xssVector = "<script>alert('XSS vector');</script>";
+        List<String> errorList = new ArrayList<>();
+        String canonicalizedXssVector = 
UtilCodec.checkStringForHtmlSafe("fieldName", xssVector, errorList, new 
Locale("test"));
+        assertEquals("<script>alert('XSS vector');</script>", 
canonicalizedXssVector);
+        assertEquals(1, errorList.size());
+        assertEquals("In field [fieldName] by our input policy, your input has 
not been accepted for security reason. "
+                + "Please check and modify accordingly, thanks.", 
errorList.get(0));
+    }
+
+    
 
 }
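Review bot: testCheckStringForHtmlSafe only asserts that a `<script>` payload is rejected; there is no positive case showing that markup the policy is meant to allow (or a plain string with no markup at all) comes back with an empty error list, so a policy that rejects everything would still pass. Since `checkStringForHtmlSafe` reports an error whenever the sanitizer output differs from the input, a plain-text case containing `&` or a quote would also pin down whether the sanitizer's output escaping causes false rejections. Note that the `new Locale("test")` branch hard-wires `CustomSafePolicy` through reflection, so the `owasp.properties` lookup used in production is never executed by this test; a comment to that effect, or a second test on a non-test locale, would make that explicit.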

Modified: 
ofbiz/branches/release16.11/framework/common/config/SecurityUiLabels.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/config/SecurityUiLabels.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/config/SecurityUiLabels.xml 
(original)
+++ ofbiz/branches/release16.11/framework/common/config/SecurityUiLabels.xml 
Fri May 24 13:57:20 2019
@@ -695,6 +695,22 @@
         <value xml:lang="zh">受保护的视图</value>
         <value xml:lang="zh-TW">受保護的檢視</value>
     </property>
+    <property key="PolicyNoneMixedOrDouble">
+        <value xml:lang="en">In field [${valueName}] found character escaping 
(mixed or double) that is not allowed or other format consistency error: 
</value>
+        <value xml:lang="fr">Le champ "${valueName}" contient un caractère 
d'échappement (mixte ou double) qui n'est pas autorisé ou une autre erreur de 
cohérence de format : </value>
+    </property>
+    <property key="PolicyNoneLess-thanGreater-than">
+        <value xml:lang="en">In field [${valueName}] less-than (&lt;) and 
greater-than (&gt;) symbols are not allowed.</value>
+        <value xml:lang="fr">Dans le champ "${valueName}" les symboles 
inférieurs (&lt;) et supérieurs (&gt;) ne sont pas autorisés.</value>
+    </property>
+    <property key="PolicyNoneJsEvents">
+        <value xml:lang="en">In field [${valueName}] Javascript events are not 
allowed.</value>
+        <value xml:lang="fr">Dans le champ "${valueName}" les événements 
Javascript ne sont pas autorisés.</value>
+    </property>
+    <property key="PolicySafe">
+        <value xml:lang="en">In field [${valueName}] by our input policy, your 
input has not been accepted for security reason. Please check and modify 
accordingly, thanks.</value>
+        <value xml:lang="fr">Dans le champ "${valueName}", conformément à 
notre politique de saisie, votre saisie n'a pas été acceptée pour des 
raisons de sécurité. Veuillez vérifier et modifier en conséquence, 
merci.</value>
+    </property>
     <property key="ResetPassword">
         <value xml:lang="en">Click Here To Reset Password</value>
         <value xml:lang="fr">Cliquez ici pour créer un nouveau mot de 
passe</value>

Modified: ofbiz/branches/release16.11/framework/common/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/servicedef/services.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/servicedef/services.xml 
(original)
+++ ofbiz/branches/release16.11/framework/common/servicedef/services.xml Fri 
May 24 13:57:20 2019
@@ -63,7 +63,7 @@ under the License.
         <description>Create a new note record</description>
         <attribute name="partyId" type="String" mode="INOUT" optional="true"/>
         <attribute name="noteName" type="String" mode="IN" optional="true"/>
-        <attribute name="note" type="String" mode="IN" allow-html="any"/>
+        <attribute name="note" type="String" mode="IN" allow-html="safe"/>
         <attribute name="noteId" type="String" mode="OUT"/>
     </service>
 
@@ -71,7 +71,7 @@ under the License.
         <description>Update a note record</description>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="noteInfo" allow-html="any"/>
+        <override name="noteInfo" allow-html="safe"/>
     </service>
 
     <service name="adjustDebugLevels" engine="java"
@@ -100,7 +100,7 @@ under the License.
         <auto-attributes include="pk" mode="OUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="enumTypeId" optional="false"/>
-        <override name="description" optional="false" allow-html="any"/>
+        <override name="description" optional="false" allow-html="safe"/>
     </service>
     <service name="updateEnumeration" default-entity-name="Enumeration" 
engine="entity-auto" invoke="update" auth="true">
         <description>Update a Enumeration</description>
@@ -108,7 +108,7 @@ under the License.
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="enumTypeId" optional="false"/>
-        <override name="description" optional="false" allow-html="any"/>
+        <override name="description" optional="false" allow-html="safe"/>
     </service>
     <service name="deleteEnumeration" default-entity-name="Enumeration" 
engine="entity-auto" invoke="delete" auth="true">
         <description>Delete a Enumeration</description>

Modified: 
ofbiz/branches/release16.11/framework/common/servicedef/services_email.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/servicedef/services_email.xml?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/servicedef/services_email.xml 
(original)
+++ ofbiz/branches/release16.11/framework/common/servicedef/services_email.xml 
Fri May 24 13:57:20 2019
@@ -42,7 +42,7 @@ under the License.
         <attribute name="sendFailureNotification" mode="IN" type="Boolean" 
optional="true"/>
         <attribute name="sendPartial" mode="IN" type="Boolean" 
optional="true"/>
         <attribute name="startTLSEnabled" mode="IN" type="Boolean" 
optional="true"/>
-        <attribute name="subject" type="String" mode="INOUT" optional="true" 
allow-html="any"/>
+        <attribute name="subject" type="String" mode="INOUT" optional="true" 
allow-html="safe"/>
         <attribute name="contentType" type="String" mode="INOUT" 
optional="true"/>
         <attribute name="partyId" type="String" mode="INOUT" optional="true"/>
         <attribute name="messageId" type="String" mode="INOUT" 
optional="true"/>
@@ -51,12 +51,12 @@ under the License.
         <attribute name="custRequestId" type="String" mode="INOUT" 
optional="true"/>
         <attribute name="messageWrapper" 
type="org.apache.ofbiz.service.mail.MimeMessageWrapper" mode="OUT" 
optional="true"/><!-- mail can be disabled in general.properties so no output 
-->
         <!--  used for parsing and ECAs -->
-        <attribute name="communicationEventId" type="String" mode="INOUT" 
optional="true"/>        
+        <attribute name="communicationEventId" type="String" mode="INOUT" 
optional="true"/>
     </service>
     <service name="sendMailOnePartInterface"  engine="interface" location="" 
invoke="">
         <description>Interface service for sendMail* services.</description>
         <implements service="sendMailInterface"/>
-        <attribute name="body" type="String" mode="INOUT" optional="false" 
allow-html="any"/>        
+        <attribute name="body" type="String" mode="INOUT" optional="false" 
allow-html="any"/>
         <override name="contentType" mode="INOUT"/>
         <override name="subject" mode="INOUT" optional="false"/>
         <override name="emailType" type="String" mode="INOUT" optional="true"/>
@@ -119,7 +119,7 @@ under the License.
         location="org.apache.ofbiz.common.email.EmailServices" 
invoke="sendMailFromScreen">
         <description>Send E-Mail From Screen Widget Service</description>
         <implements service="sendMailFromScreenInterface"/>
-        <attribute name="hideInLog" type="Boolean" mode="IN" optional="true"/> 
                       
+        <attribute name="hideInLog" type="Boolean" mode="IN" optional="true"/>
     </service>
     <service name="sendMailHiddenInLogFromScreen" max-retry="3" engine="java" 
hideResultInLog="true"
         location="org.apache.ofbiz.common.email.EmailServices" 
invoke="sendMailHiddenInLogFromScreen">
@@ -144,7 +144,7 @@ under the License.
         <description>Send Template Based Notification Service</description>
         <implements service="sendMailInterface"/>
         <attribute name="body" type="String" mode="INOUT" optional="true" 
allow-html="any"/>
-        <attribute name="baseUrl" type="String" mode="IN" optional="true" 
allow-html="any"/>
+        <attribute name="baseUrl" type="String" mode="IN" optional="true" 
allow-html="safe"/>
         <attribute name="templateName" type="String" mode="IN" 
optional="false"/>
         <attribute name="templateData" type="Map" mode="IN" optional="true"/>
         <attribute name="webSiteId" type="String" mode="IN" optional="true"/>
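Review bot: `baseUrl` is a URL, not an HTML fragment, so routing it through the safe-HTML policy is an odd fit: `checkStringForHtmlSafe` rejects whenever the sanitizer's output differs from the input, and an HTML sanitizer normally escapes its text output, so a base URL (or the `subject` changed earlier in this file) containing `&` or a quote is likely to be reported as unsafe even though it carries no markup; this is inferred, as the policy class itself is not in this diff. Consider `allow-html="none"` for `baseUrl`, and covering the `&` case in the tests before relying on `safe` for non-HTML fields. `body` stays at `allow-html="any"` here; a comment on why that is acceptable (template-generated rather than user-supplied, if that is the case) would help the next reader.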

Modified: ofbiz/branches/release16.11/framework/service/dtd/services.xsd
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/service/dtd/services.xsd?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/service/dtd/services.xsd (original)
+++ ofbiz/branches/release16.11/framework/service/dtd/services.xsd Fri May 24 
13:57:20 2019
@@ -356,16 +356,13 @@ under the License.
         <xs:attribute name="allow-html" use="optional" default="none">
             <xs:annotation>
                 <xs:documentation>
-                    Applies only to String fields.
-                    Only checked for incoming parameters/attributes (could 
change in the future, but this is meant for validating input from users, other 
systems, etc).
-                    Defaults to "none" meaning no HTML is allowed (will result 
in an error message).
-                    If some HTML is desired then use "any".
-                    There was previously "safe" but it's deprecated
+                    See the documentation on the allow-html attribute of the 
"attribute" element.
                 </xs:documentation>
             </xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>
@@ -437,12 +434,14 @@ under the License.
                 Applies only to String fields.
                 Only checked for incoming parameters/attributes (could change 
in the future, but this is meant for validating input from users, other 
systems, etc).
                 Defaults to "none" meaning no HTML is allowed (will result in 
an error message).
-                If some HTML is desired then use "any".
-                There was previously "safe" but it's deprecated
+                If some HTML is desired then use "safe" which will follow the 
rules in the default custom safe policy file (CustomSafePolicy.java, see also 
owasp.properties). 
+                This should be safe for both internal and public users. You 
may want to provide your own custom safe policy file to adapt to you needs.
+                In rare cases when users are trusted or it is not a sensitive 
field the "any" option may be used to not check the HTML content at all.
             </xs:documentation></xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>
@@ -491,16 +490,14 @@ under the License.
         <xs:attribute name="allow-html" use="optional">
             <xs:annotation>
                 <xs:documentation>
-                    Applies only to String fields.
-                    Only checked for incoming parameters/attributes (could 
change in the future, but this is meant for validating input from users, other 
systems, etc).
-                    There is no default, "none" means no HTML is allowed (will 
result in an error message).
-                    If some HTML is desired then use "any".
-                    There was previously "safe" but it's deprecated
+                    See the documentation on the allow-html attribute of the 
"attribute" element. 
+                    Note that it is slightly different here as there is no 
default.
                 </xs:documentation>
             </xs:annotation>
             <xs:simpleType>
                 <xs:restriction base="xs:token">
                     <xs:enumeration value="any"/>
+                    <xs:enumeration value="safe"/>
                     <xs:enumeration value="none"/>
                 </xs:restriction>
             </xs:simpleType>

Modified: 
ofbiz/branches/release16.11/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java?rev=1859880&r1=1859879&r2=1859880&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java
 (original)
+++ 
ofbiz/branches/release16.11/framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java
 Fri May 24 13:57:20 2019
@@ -590,7 +590,11 @@ public class ModelService extends Abstra
                 if (context.get(modelParam.name) != null && 
("String".equals(modelParam.type) || 
"java.lang.String".equals(modelParam.type)) 
                         && !"any".equals(modelParam.allowHtml) && 
("INOUT".equals(modelParam.mode) || "IN".equals(modelParam.mode))) {
                     String value = (String) context.get(modelParam.name);
-                    UtilCodec.checkStringForHtmlStrictNone(modelParam.name, 
value, errorMessageList);
+                    if ("none".equals(modelParam.allowHtml)) {
+                        
UtilCodec.checkStringForHtmlStrictNone(modelParam.name, value, 
errorMessageList, (Locale) context.get("locale"));
+                    } else if ("safe".equals(modelParam.allowHtml)) {
+                        UtilCodec.checkStringForHtmlSafe(modelParam.name, 
value, errorMessageList, (Locale) context.get("locale"));
+                    }
                 }
             }
             if (errorMessageList.size() > 0) {
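Review bot: `(Locale) context.get("locale")` is passed straight through, and both helpers dereference it unconditionally (`locale.equals(new Locale("test"))` at L1237 and L1265 in the UtilCodec hunk), so a service invoked without a locale in its context would fail with a NullPointerException inside validation instead of producing a validation error; whether every caller guarantees a locale is not visible here. Guard it once before the branch: `Locale locale = (Locale) context.get("locale"); if (locale == null) { locale = Locale.getDefault(); }` and pass `locale` to both calls. The enclosing method starts and ends outside the hunk.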

