From 4082b3242588d71ec8b0eed0064dff6147082fd9 Mon Sep 17 00:00:00 2001 From: Erik Winlof Date: Wed, 24 Sep 2008 13:29:07 +0000 Subject: [PATCH] SLNG-1252 Earlier the the repo webscripts for wiki, blog, forum/discussions and comments stripped the userinput (content field) from un-safe html tags such as scripts. Only white listed tags was allowed (specified in StringUtils.safeTags). Now and has been added to the list but the method to strip away the tags, StringUtils.stripUnsafeHTML() is no longer used from these scripts. Instead the share webtier is doing the cleaning of these tags when they are rendered using a html.ftl file. (this is the case for the wiki) If they are requested from the client directly through an ajax proxy call the result is stripped using the Alfresco.util.stripUnsafeHTML in alfresco.js. (this is the case for blog, forum/discussions and comments). base.css has been updated to display "rich content", in other words user input that has been formatted, correctly. A new mimetype for installing air applications has also been added to the list of mime types. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- config/alfresco/mimetype/mimetype-map.xml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/config/alfresco/mimetype/mimetype-map.xml b/config/alfresco/mimetype/mimetype-map.xml index 55e38c5d5a..1f4baf3e38 100644 --- a/config/alfresco/mimetype/mimetype-map.xml +++ b/config/alfresco/mimetype/mimetype-map.xml @@ -142,11 +142,11 @@ jpeg jpe - - jpx - jp2 - jpm - + + jpx + jp2 + jpm + svg @@ -252,6 +252,9 @@ sv4crc + + air + swf