Skip to content
GitLab

erp5_json_editor: Sanitize and update description on schema 

  Remove forbidden properties when retrieve the properties from the schema.

      - template and options isn't  part of json schema spec, so it isn't possible to use this feature globally.
      - template also could be used to call callbacks, so despite we block unsafe-eval, it still better remove it.
      - both were removed because it can lead to parameter injection, where by saving the form w/o editing anything, it changes the parameters, it adds non-visible values, which can up to some extend be a security risk.

   Update the description to display the "default" value as a hint, if it was provided into the schema.
12 jobs for erp5-vifib
in 0 seconds, using 0 compute credits, and was queued for 0 seconds
a0d6ab94
No related merge requests found.
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7