SLNG-1252

Earlier the repo webscripts for wiki, blog, forum/discussions and comments stripped the user input (content field) of unsafe HTML tags such as scripts. Only whitelisted tags were allowed (specified in StringUtils.safeTags). Now <strong> and <em> have been added to the list, but the method to strip away the tags, StringUtils.stripUnsafeHTML(), is no longer used from these scripts.

Instead the Share webtier is doing the cleaning of these tags when they are rendered using an html.ftl file (this is the case for the wiki).
If they are requested from the client directly through an AJAX proxy call, the result is stripped using Alfresco.util.stripUnsafeHTML in alfresco.js (this is the case for blog, forum/discussions and comments).

base.css has been updated to display "rich content", in other words user input that has been formatted, correctly.

A new mimetype for installing AIR applications has also been added to the list of mime types.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Erik Winlof
2008-09-24 13:29:07 +00:00
parent 228170f2a6
commit 3eb87fa484
4 changed files with 6 additions and 6 deletions

@@ -18,9 +18,9 @@
<#macro addContent item>
<#escape x as jsonUtils.encodeJSONString(x)>
<#if (contentLength?? && contentLength > -1 && (item.node.content?length > contentLength))>
"content" : "${stringUtils.stripUnsafeHTML(item.node.content?substring(0, contentLength))}",
"content" : "${item.node.content?substring(0, contentLength)}",
<#else>
"content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
"content" : "${item.node.content}",
</#if>
</#escape>
</#macro>
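
Review bot: with stringUtils.stripUnsafeHTML dropped from both "content" branches of addContent, this webscript returns the stored markup with only jsonUtils.encodeJSONString applied, so the value is safe as a JSON string but not as HTML. Any consumer that does not pass it through Alfresco.util.stripUnsafeHTML, or that calls the webscript outside Share, receives unsanitized user input. Consider keeping the server-side strip (with <strong> and <em> now in StringUtils.safeTags) and treating the client-side pass as a second layer, or at least add a template comment stating that "content" is untrusted HTML.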

@@ -24,7 +24,7 @@
"nodeRef" : "${item.node.nodeRef}",
"name" : "${item.node.properties.name!''}",
"title" : "${item.node.properties.title!''}",
"content" : "${stringUtils.stripUnsafeHTML(item.node.content)}",
"content" : "${item.node.content}",
<#if item.author??>
<@renderPerson person=item.author fieldName="author" />
<#else>
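
Review bot: the "content" line here now interpolates ${item.node.content} directly, and the visible context shows no <#escape x as jsonUtils.encodeJSONString(x)> around it, unlike the addContent macros in the other templates of this commit. If the enclosing template does not apply that escape, quotes or line breaks in the stored content can break the JSON. Please confirm the escape is in scope for this field, or wrap it explicitly.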

@@ -16,9 +16,9 @@
<#macro addContent post>
<#escape x as jsonUtils.encodeJSONString(x)>
<#if (contentLength?? && contentLength > -1 && (post.content?length > contentLength))>
"content" : "${stringUtils.stripUnsafeHTML(post.content?substring(0, contentLength))}",
"content" : "${post.content?substring(0, contentLength)}",
<#else>
"content" : "${stringUtils.stripUnsafeHTML(post.content)}",
"content" : "${post.content}",
</#if>
</#escape>
</#macro>
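
Review bot: in the truncated branch, post.content?substring(0, contentLength) cuts the raw markup at a character offset, so the fragment can end inside a tag or an attribute value, and that fragment is now sent to the client unstripped. Check that Alfresco.util.stripUnsafeHTML handles unterminated tags, or sanitize before truncating so the client never has to parse a broken fragment.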

@@ -10,7 +10,7 @@
"editable" : "<#if page.hasPermission("Write")>true<#else>false</#if>",
"title" : "<#if page.properties.title?exists>${page.properties.title}<#else>${page.name?replace("_", " ")}</#if>",
<#-- Strip out any HTML tags -->
"text" : "${page.content?replace("</?[^>]+>", " ", "ir")}",
"text" : "${page.content}",
"tags" : [
<#list p.tags as tag>
"${tag}"<#if tag_has_next>,</#if>