Uploaded image for project: 'Nuxeo Studio'
  1. Nuxeo Studio
  2. NXS-5316

Fix operation description in the Automation Chain Editor

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 3.12.0
    • Fix Version/s: None
    • Component/s: Automation

      Description

      The description of the operations in the Automation Chain Editor is being escaped, causing HTML code to be displayed.
      This issue could be solved by using .fromTrustedString() instead of .fromString() in this line.
      However, for that we would have to trust that the operation descriptions are always safe. Our own operations are safe, as they are exposed through our own registries. But like Mincong said in Slack:

      Operations can be declared through the registries, so we cannot relax the escaping here. I have an idea, though: what we can do is the escape at the moment the description is set (method Operation#setDescription(String)), but that means we will probably need to turn the class Operation into interface, and allow two implementations: BuiltinOperation (trusted) and CustomOperation (untrusted).

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: