Blog demo is completed.

author: xue <> 2006-05-30 03:26:33 +0000
committer: xue <> 2006-05-30 03:26:33 +0000
commit: 6e0338629774fffe5fbe7136dfce34ce83844a5c (patch)
tree: 9520eaa7c3c278b5ebf525a0d1e09f0a4cdf7779 /framework/Web/UI/WebControls
parent: 7f508e187e4539a16cdbb1dd6a4b1133c53cf24d (diff)
1 files changed, 2 insertions, 6 deletions
diff --git a/framework/Web/UI/WebControls/THyperLink.php b/framework/Web/UI/WebControls/THyperLink.php
index 1a5db69d..5489727c 100644
--- a/framework/Web/UI/WebControls/THyperLink.php
+++ b/framework/Web/UI/WebControls/THyperLink.php
@@ -22,10 +22,6 @@
  * If both {@link getImageUrl ImageUrl} and {@link getText Text} are empty,
  * the content enclosed within the control tag will be rendered.
  *
- * Note, {@link getText Text} is not HTML-encoded when displayed.
- * Make sure it does not contain unwanted characters that may bring
- * security vulnerabilities.
- *
  * @author Qiang Xue <qiang.xue@gmail.com>
  * @version $Revision: $  $Date: $
  * @package System.Web.UI.WebControls
@@ -66,7 +62,7 @@ class THyperLink extends TWebControl
 		if(($imageUrl=$this->getImageUrl())==='')
 		{
 			if(($text=$this->getText())!=='')
-				$writer->write($text);
+				$writer->write(THttpUtility::htmlEncode($text));
 			else
 				parent::renderContents($writer);
 		}
@@ -77,7 +73,7 @@ class THyperLink extends TWebControl
 			if(($toolTip=$this->getToolTip())!=='')
 				$image->setToolTip($toolTip);
 			if(($text=$this->getText())!=='')
-				$image->setAlternateText($text);
+				$image->setAlternateText(THttpUtility::htmlEncode($text));
 			$image->renderControl($writer);
 		}
 	}
author	xue <>	2006-05-30 03:26:33 +0000
committer	xue <>	2006-05-30 03:26:33 +0000
commit	6e0338629774fffe5fbe7136dfce34ce83844a5c (patch)
tree	9520eaa7c3c278b5ebf525a0d1e09f0a4cdf7779 /framework/Web/UI/WebControls
parent	7f508e187e4539a16cdbb1dd6a4b1133c53cf24d (diff)