Author: jleroux
Date: Wed May 29 16:17:36 2019
New Revision: 1860354
URL: http://svn.apache.org/viewvc?rev=1860354&view=rev
Log:
Updates .xsd files
Modified:
ofbiz/site/dtds/services.xsd
ofbiz/site/dtds/site-conf.xsd
ofbiz/site/dtds/widget-form.xsd
Modified: ofbiz/site/dtds/services.xsd
URL:
http://svn.apache.org/viewvc/ofbiz/site/dtds/services.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/services.xsd (original)
+++ ofbiz/site/dtds/services.xsd Wed May 29 16:17:36 2019
@@ -291,16 +291,13 @@ under the License.
<xs:attribute name="allow-html" use="optional" default="none">
<xs:annotation>
<xs:documentation>
- Applies only to String fields.
- Only checked for incoming parameters/attributes (could
change in the future, but this is meant for validating input from users, other
systems, etc).
- Defaults to "none" meaning no HTML is allowed (will result
in an error message).
- If some HTML is desired then use "any".
- There was previously "safe" but it's deprecated
+ See the documentation on the allow-html attribute of the
"attribute" element.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="any"/>
+ <xs:enumeration value="safe"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
@@ -358,12 +355,14 @@ under the License.
Applies only to String fields.
Only checked for incoming parameters/attributes (could change
in the future, but this is meant for validating input from users, other
systems, etc).
Defaults to "none" meaning no HTML is allowed (will result in
an error message).
- If some HTML is desired then use "any".
- There was previously "safe" but it's deprecated
+ If some HTML is desired then use "safe" which will follow the
rules in the default custom safe policy file (CustomSafePolicy.java, see also
owasp.properties).
+ This should be safe for both internal and public users. You
may want to provide your own custom safe policy file to adapt to you needs.
+ In rare cases when users are trusted or it is not a sensitive
field the "any" option may be used to not check the HTML content at all.
</xs:documentation></xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="any"/>
+ <xs:enumeration value="safe"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
@@ -411,16 +410,14 @@ under the License.
<xs:attribute name="allow-html" use="optional">
<xs:annotation>
<xs:documentation>
- Applies only to String fields.
- Only checked for incoming parameters/attributes (could
change in the future, but this is meant for validating input from users, other
systems, etc).
- There is no default, "none" means no HTML is allowed (will
result in an error message).
- If some HTML is desired then use "any".
- There was previously "safe" but it's deprecated
+ See the documentation on the allow-html attribute of the
"attribute" element.
+ Note that it is slightly different here as there is no
default.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="any"/>
+ <xs:enumeration value="safe"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
Modified: ofbiz/site/dtds/site-conf.xsd
URL:
http://svn.apache.org/viewvc/ofbiz/site/dtds/site-conf.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/site-conf.xsd (original)
+++ ofbiz/site/dtds/site-conf.xsd Wed May 29 16:17:36 2019
@@ -526,7 +526,7 @@ under the License.
<xs:annotation>
<xs:documentation>
Internally chains to another request.
- Automatically redirect all current request
parameters to the new request
+ Automatically redirects all current request
parameters to the new request
</xs:documentation>
</xs:annotation>
</xs:enumeration>
@@ -534,7 +534,8 @@ under the License.
<xs:annotation>
<xs:documentation>
Send a redirect down to the browser telling it
to go to the new request.
- Redirect only mentioned request parameters in
controller.xml, using redirect-param attribute
+ Automatically redirects all current request
parameters to the new request
+ or only redirected parameters specified using
redirect-param attribute.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
Modified: ofbiz/site/dtds/widget-form.xsd
URL:
http://svn.apache.org/viewvc/ofbiz/site/dtds/widget-form.xsd?rev=1860354&r1=1860353&r2=1860354&view=diff
==============================================================================
--- ofbiz/site/dtds/widget-form.xsd (original)
+++ ofbiz/site/dtds/widget-form.xsd Wed May 29 16:17:36 2019
@@ -496,6 +496,11 @@ under the License.
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:positiveInteger" name="default-position"
default="1" />
+ <xs:attribute name="include-internal" type="xs:boolean"
default="false">
+ <xs:annotation>
+ <xs:documentation>This field will let the user enable
internal fields of entity</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="sort-order">
