Commit a0d6ab94 authored by Rafael Monnerat

erp5_json_editor: Sanitize and update description on schema

  Remove forbidden properties when retrieving the properties from the schema.

      - template and options aren't part of the JSON Schema spec, so it isn't possible to use this feature globally.
      - template could also be used to call callbacks, so although we block unsafe-eval, it is still better to remove it.
      - both were removed because they can lead to parameter injection, where saving the form without editing anything changes the parameters and adds non-visible values, which can to some extent be a security risk.

   Update the description to display the "default" value as a hint, if it was provided in the schema.
parent e209623a
Pipeline #33540 failed with stage in 0 seconds
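
The sanitization the commit message describes, sketched as an added example; this is not the code from the commit or from erp5_json_editor. The function name, the lists of traversed keywords and the `(default: ...)` hint format are assumptions. It shows the edge case a naive recursive delete gets wrong: a form field that is itself named `options`, or a default value containing that key, must survive.

```javascript
// Added illustration, not the erp5_json_editor code. Keyword lists and hint format are assumptions.
const FORBIDDEN = new Set(["template", "options"]);
// Keywords whose value maps user-chosen names to subschemas: the names are data, not keywords.
const NAME_MAPS = new Set(["properties", "patternProperties", "definitions", "$defs", "dependencies"]);
// Keywords whose value is a subschema or an array of subschemas.
const SUBSCHEMAS = new Set(["items", "additionalProperties", "not", "allOf", "anyOf", "oneOf"]);

function sanitizeSchema(node) {
  if (Array.isArray(node)) return node.map(sanitizeSchema);
  if (node === null || typeof node !== "object") return node; // boolean schemas, dependency name lists
  const entries = [];
  for (const [key, value] of Object.entries(node)) {
    if (FORBIDDEN.has(key)) continue; // drop the editor-only keyword
    if (NAME_MAPS.has(key) && value !== null && typeof value === "object" && !Array.isArray(value)) {
      // Keep every property name (even one called "options") and clean each subschema.
      entries.push([key, Object.fromEntries(
        Object.entries(value).map(([name, sub]) => [name, sanitizeSchema(sub)]))]);
    } else if (SUBSCHEMAS.has(key)) {
      entries.push([key, sanitizeSchema(value)]);
    } else {
      entries.push([key, value]); // default, enum, const, ...: instance data, left untouched
    }
  }
  const clean = Object.fromEntries(entries);
  if (clean.default !== undefined) {
    // Show the default as a hint in the description.
    const hint = "(default: " + JSON.stringify(clean.default) + ")";
    clean.description = typeof clean.description === "string" ? clean.description + " " + hint : hint;
  }
  return clean;
}

// Constructed sample schema, not taken from the project.
const sample = {
  type: "object",
  options: { hidden: true },
  properties: {
    options: { type: "string", description: "Mount options", default: "ro", template: "{{x}}" },
    port: { type: "integer", default: 8080, options: { hidden: true } },
    extra: { type: "object", default: { options: "keep" } }
  }
};
console.log(JSON.stringify(sanitizeSchema(sample), null, 2));
```

The function returns a new object and leaves its input unchanged, so the original schema can still be compared against the sanitized one.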