authorxue <>2006-01-18 19:13:01 +0000
committerxue <>2006-01-18 19:13:01 +0000
commite4a486b62af0895fd690588129de1190ebf7bd12 (patch)
treef42ddc3cb022a22d6aaa87c68ca587c4c0c76434
parent450c56ba5c79608e03c8f102f9796ba6eb0e330d (diff)
-rw-r--r--demos/quickstart/protected/controls/Layout.tpl2
-rw-r--r--framework/Web/UI/WebControls/TTextBox.php10
2 files changed, 11 insertions, 1 deletions
diff --git a/demos/quickstart/protected/controls/Layout.tpl b/demos/quickstart/protected/controls/Layout.tpl
index 586b30af..9cdc0362 100644
--- a/demos/quickstart/protected/controls/Layout.tpl
+++ b/demos/quickstart/protected/controls/Layout.tpl
@@ -33,6 +33,8 @@
<div id="footer">
Copyright &copy; 2005-2006 <a href="http://www.pradosoft.com">PradoSoft</a>.
+<br/><br/>
+<a href="http://validator.w3.org/check?uri=referer"><img border="0" src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a>
</div>
</com:TForm>
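Review bot: The added `<img>` in the footer is hotlinked from `http://www.w3.org/Icons/valid-xhtml10`, so every page rendered with this layout makes the visitor's browser fetch a third-party resource over plain HTTP. That discloses the visit (and normally the page URL in the Referer header) to an external host, and it will trigger mixed-content handling if the quickstart is ever served over HTTPS. Shipping a copy of the icon with the demo and referencing it locally, e.g. `src="<local-assets-path>/valid-xhtml10.png"` (placeholder path), avoids the external request. The `check?uri=referer` link is only followed on click and can stay as it is.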
diff --git a/framework/Web/UI/WebControls/TTextBox.php b/framework/Web/UI/WebControls/TTextBox.php
index edf74a75..111fec1e 100644
--- a/framework/Web/UI/WebControls/TTextBox.php
+++ b/framework/Web/UI/WebControls/TTextBox.php
@@ -35,6 +35,14 @@
* also be processed, which can be further restricted within
* a {@link setValidationGroup ValidationGroup}.
*
+ * WARNING: Be careful if you want to display the text collected via TTextBox.
+ * Malicious cross-site script may be injected in. You may use {@link getSafeText SafeText}
+ * to prevent this problem.
+ *
+ * NOTE: If you set {@link setWrap Wrap} to false or use {@link setAutoCompleteType AutoCompleteType},
+ * the generated HTML output for the textbox will not be XHTML-compatible.
+ * Currently, no alternatives are available.
+ *
* @author Qiang Xue <qiang.xue@gmail.com>
* @version $Revision: $ $Date: $
* @package System.Web.UI.WebControls
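Review bot: The WARNING added to the class docblock names the risk but not the rule a caller has to follow. It never says that the Text property returns the user's input unmodified, and it does not say for which output context SafeText is the right choice. I would reword it along the lines of `WARNING: Text returns the submitted value as-is; HTML-encode it before writing it into a page, or use {@link getSafeText SafeText} if markup in the input must be kept.` Whether getSafeText strips or encodes markup is not visible in this hunk, so the final wording should be checked against its implementation. The docblock begins and ends outside the hunk.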
@@ -135,7 +143,7 @@ class TTextBox extends TWebControl implements IPostBackDataHandler, IValidatable
$writer->addAttribute('disabled','disabled');
if($this->getAutoPostBack() && $page->getClientSupportsJavaScript())
{
- $writer->addAttribute('id',$this->getClientID());
+ $writer->addAttribute('id',$this->getClientID());
$this->getPage()->getClientScript()->registerPostBackControl($this);
/*$options = $this->getAutoPostBackOptions();
$scripts = $this->getPage()->getClientScript();