From 3eb87fa484bc48980abb04cbf7d1c1f20539144c Mon Sep 17 00:00:00 2001
From: Erik Winlof
Date: Wed, 24 Sep 2008 13:29:07 +0000
Subject: [PATCH] SLNG-1252 Earlier the the repo webscripts for wiki, blog, forum/discussions and comments stripped the userinput (content field) from un-safe html tags such as scripts. Only white listed tags was allowed (specified in StringUtils.safeTags). Now and has been added to the list but the method to strip away the tags, StringUtils.stripUnsafeHTML() is no longer used from these scripts. Instead the share webtier is doing the cleaning of these tags when they are rendered using a html.ftl file. (this is the case for the wiki) If they are requested from the client directly through an ajax proxy call the result is stripped using the Alfresco.util.stripUnsafeHTML in alfresco.js. (this is the case for blog, forum/discussions and comments). base.css has been updated to display "rich content", in other words user input that has been formatted, correctly. A new mimetype for installing air applications has also been added to the list of mime types.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
.../webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl | 4 ++--
.../org/alfresco/repository/comments/comment.lib.ftl | 2 +-
.../org/alfresco/repository/discussions/post.lib.ftl | 4 ++--
.../org/alfresco/slingshot/wiki/pagelist.get.json.ftl | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
index 76f7557f9b..0c843cac6d 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/blogs/blogpost.lib.ftl
@@ -18,9 +18,9 @@ <#macro addContent item> <#escape x as jsonUtils.encodeJSONString(x)> <#if (contentLength?? && contentLength > -1 && (item.node.content?length > contentLength))> - "content" : "${stringUtils.stripUnsafeHTML(item.node.content?substring(0, contentLength))}", + "content" : "${item.node.content?substring(0, contentLength)}", <#else> - "content" : "${stringUtils.stripUnsafeHTML(item.node.content)}", + "content" : "${item.node.content}", diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl index 3a2b299e60..691a45691b 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/comments/comment.lib.ftl @@ -24,7 +24,7 @@ "nodeRef" : "${item.node.nodeRef}", "name" : "${item.node.properties.name!''}", "title" : "${item.node.properties.title!''}", - "content" : "${stringUtils.stripUnsafeHTML(item.node.content)}", + "content" : "${item.node.content}", <#if item.author??> <@renderPerson person=item.author fieldName="author" /> <#else> diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl index f059792367..2e82c5a1d5 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/discussions/post.lib.ftl 
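Review bot: With `stringUtils.stripUnsafeHTML` removed from both branches of `addContent`, the repository returns stored post content as raw HTML, and the surrounding `<#escape x as jsonUtils.encodeJSONString(x)>` only keeps the JSON well-formed; it does not neutralise markup. The commit message moves sanitisation to the Share web tier and `Alfresco.util.stripUnsafeHTML`, so any other consumer of this webscript that renders `content` without sanitising it is exposed to stored script injection. Since the whitelist was extended in this change, consider keeping the server-side call as defence in depth, or at least record the contract in the template with `<#-- content is unsanitised user HTML; every consumer must sanitise before rendering -->`. The same applies to the `content` lines in comments/comment.lib.ftl and discussions/post.lib.ftl. The closing directives of the macro are not visible in the hunk.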
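Review bot: No `<#escape x as jsonUtils.encodeJSONString(x)>` is visible around `"content" : "${item.node.content}"` in the comment.lib.ftl hunk, unlike the blog and discussion macros. With the sanitiser gone, JSON string encoding is the only transformation left between the stored comment text and the response, so please confirm that the enclosing block, which starts outside the hunk, applies it; without it, quotes or line breaks in a comment would produce invalid JSON. If it is missing, encode the field explicitly as `"content" : "${jsonUtils.encodeJSONString(item.node.content)}",`.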
@@ -16,9 +16,9 @@ <#macro addContent post> <#escape x as jsonUtils.encodeJSONString(x)> <#if (contentLength?? && contentLength > -1 && (post.content?length > contentLength))> - "content" : "${stringUtils.stripUnsafeHTML(post.content?substring(0, contentLength))}", + "content" : "${post.content?substring(0, contentLength)}", <#else> - "content" : "${stringUtils.stripUnsafeHTML(post.content)}", + "content" : "${post.content}", diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/pagelist.get.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/pagelist.get.json.ftl index 3e9628e2bb..d888d0369d 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/pagelist.get.json.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/pagelist.get.json.ftl @@ -10,7 +10,7 @@ "editable" : "<#if page.hasPermission("Write")>true<#else>false", "title" : "<#if page.properties.title?exists>${page.properties.title}<#else>${page.name?replace("_", " ")}", <#-- Strip out any HTML tags --> - "text" : "${page.content?replace("]+>", " ", "ir")}", + "text" : "${page.content}", "tags" : [ <#list p.tags as tag> "${tag}"<#if tag_has_next>,
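Review bot: `post.content?substring(0, contentLength)` now truncates raw HTML and passes the fragment on unchanged, so a cut can land inside a tag or attribute and the client receives unbalanced markup. Previously the server-side stripper saw the truncated fragment; now `Alfresco.util.stripUnsafeHTML` (per the commit message) has to cope with malformed input, and how it handles that is not visible here. It is worth documenting this on the truncated branch, e.g. `<#-- truncated fragment may contain unclosed tags; client sanitiser must tolerate malformed HTML -->`, and covering it with a client-side test. The same truncation exists in blogs/blogpost.lib.ftl.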
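Review bot: The comment `<#-- Strip out any HTML tags -->` is left above `"text" : "${page.content}"` in pagelist.get.json.ftl, which no longer strips anything, so the template documents a protection it does not provide. `text` also changes meaning from tag-stripped text to raw page HTML; callers of the page list that treated it as plain text need to be checked, since per the commit message only the `html.ftl` rendering path cleans wiki content. Update the comment to something like `<#-- Raw wiki HTML; not sanitised here, consumers must clean before rendering -->`. No `<#escape>` directive is visible in this hunk either, so whether `text` and `title` are JSON-encoded cannot be confirmed from here.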