Generated task forms do not allow to use unicode characters in String fields. User has to rewrite javascript validating methods manually. In particular this method uses only simple regular expression: function isAlphanumeric(elem){ var alphaExp = /^[a-zA-Z0-9\_ .-@]+$/; if(elem.value.match(alphaExp)){ return true; } else { return false; } } Some validation should be there to prevent cross site scripting attack, but the user should not be limited only to English alphabet, for example the string "příliš žluťoučký kůň úpěl ďábelské ódy" should be possible to enter without additional javascript code modification.
Great catch - since we use regex built into JS for this, I cannot write an expression that includes unicode characters, so let me know what you would like to do: 1) Remove default error checking in generated forms (easy) 2) Start using a library like http://xregexp.com/plugins/ for example which would allow us to do what you are asking, however would introduce more problems because forms should be stand-alone, and with this we would depend on either hard-coding the library code into the form, or making it available somewhere on the net which is not always easy to do. Let me know if 1) or 2) would work for you or if you have any other ideas. Thanks.
For me the simplest solution would be to rewrite current javascript functions to be less limiting in validation. That means they won't control each alphabet character, but they just won't allow to enter dangerous characters like <, >, ' and perhaps more, which create an attacking potential. What do you think?
That is better approach. Will do. I don't think we should include any preventions of XSS because if we miss anything users can come back at us :) That should be completely user-driven, is that OK?
Added support for UTF-8 in regex expressions..your test case should validate without problems now. Checked into master.Raise blocker flag if this is for 5.3.1.
Fixed in 2.3.x Designer branch.
Verified in BRMS 5.3.1 ER4.
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.