A few minutes ago I almost crashed one of the demo pages with a simple XSS script. The current validators make it possible to perform not only XSS but potentially SQL injection too. To avoid these troubles, can we add regexp validation for String fields? Specifically, we need to prevent the input of special symbols like “<>|”, or to escape them in the database presentation.
It seems that in OpenMRS v1.11.x this bug was fixed ) link But v1.10.x is still deployed on the demo.