Escaping + Birt Security

<p><span style="font-size:13px;color:rgb(0,0,0);font-family:'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;font-style:normal;font-weight:normal;">How does Birt evaluate Content from Dataset-Fields? Are there any escaping?<br><br>
Sample:<br><br>
My Dataset has as a String-Field. The return value is "<script>Packages.java.lang.System.out.println("Hello World");</script>"<br><br>
If I use the Dataset in a Label I get the Content of the value:<br><br>
"<script>Packages.java.lang.System.out.println("Hello World");</script>"<br><br>
If I use it in a textfield with HTML Content, the value of the vield wouldn't display and is away.<br><br>
What does Birt do with Field-Values, which has "Tags"included? Some would processed, I know, like "<b>" or "<i>", but some not. Like "<script>". Is there any Black-/Whitelist for Tags? What would happend with the "<script>" Tag?</span><span style="color:rgb(0,0,0);font-family:'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;font-style:normal;font-weight:normal;background-color:rgb(244,244,244);"><span> </span></span></p>

Find more posts tagged with

Comments

There are no comments yet