[cvs] expresso/expresso-web/expresso/doc ChangeLog.xml

[JCorporate Ltd]

Update of /home/javacorp/.cvs/expresso/expresso/expresso-web/expresso/doc
In directory jcorp2.servlets.net:/tmp/cvs-serv28282/expresso-web/expresso/doc

Modified Files:
	ChangeLog.xml 
Log Message:
filter info


Index: ChangeLog.xml
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/expresso/doc/ChangeLog.xml,v
retrieving revision 1.233
retrieving revision 1.234
diff -C2 -d -r1.233 -r1.234
*** ChangeLog.xml	2 Aug 2004 23:35:56 -0000	1.233
--- ChangeLog.xml	4 Aug 2004 23:22:43 -0000	1.234
***************
*** 6,9 ****
--- 6,19 ----
  		<version name="5.6" releaseDate="Not Yet Released">
  			<comment>Continued Updates</comment>
+             <new-feature title="AllowedHtmlPlusURLFilter">
+                 <explanation>AllowedHtmlPlusURLFilter offers the recognition of a limited subset of HTML
+                 to be used within an input field. the subset has been chosen to offer
+                 some basic formatting without risking Cross site scripting (XSS) dangers.</explanation>
+                 <contributor>Larry Hamel</contributor>
+             </new-feature>
+             <misc-change title="HtmlFilter does not replace double-quote">
+                 <explanation>HtmlFilter does not replace double-quote now. It is not one the list of XSS characters for typical text-field usage (see http://www.cert.org/tech_tips/malicious_code_mitigation.html#4 ), and prevents proper URL recognition in HtmlPlusURLFilter.</explanation>
+                 <contributor>Larry Hamel</contributor>
+             </misc-change>
        			<new-feature title="new class - com.jcorporate.expresso.core.controller.TilesController">
        				<explanation>Expresso aware implementation of the org.apache.struts.tiles.Controller interface.