continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent Atkinson <brent.atkin...@gmail.com>
Subject Re: Strange behavior on 1.4.2
Date Wed, 12 Aug 2015 00:35:18 GMT
Hi Louis,

There isn't a global fix unfortunately. It appears input for a number of
controls was white-listed in order to prevent cross site scripting (XSS)
vulnerabilities, as described in
https://issues.apache.org/jira/browse/CONTINUUM-2620. You are welcome to
submit an issue and an appropriate patch expanding the input allowed for
the controls in question. From your email, it seems you would only need to
expand the argument fields.

Brent

On Tue, Aug 4, 2015 at 4:57 PM, Louis Smith <dr.louis.smith@gmail.com>
wrote:

> One of the technologies that we have under Continuum management at one of
> my clients is Oracle Forms.
>
> The vendor supplied scripts to build/deploy require parameters including a
> database linkage parm in the form of id/pw@instance
>
> This seems to now have an issue - reporting "Arguments contains invalid
> characters".
>
> Looks like BuildDefinitionAction-saveBuildDefinition-validation.xml has
> gotten more aggressive in checking the arguments line.
>
> Advice on an easy "global" fix for this, or do I need to edit all the
> validation.xml files?
>
> Thanks,
>
> Louis
>
> Dr. Louis Smith, ThD
> Chief Technology Officer, Kyra Solutions, Inc.
> Museum Director, Veterans Memorial Railroad
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message