author | ctrlaltca@gmail.com <> | 2011-07-06 13:23:26 +0000 |
---|---|---|
committer | ctrlaltca@gmail.com <> | 2011-07-06 13:23:26 +0000 |
commit | 07a205ffd62910c79e09c5fd5247868c4b163ec5 (patch) | |
tree | 61632c2f91911f07d99951a5ea632b54ce87b260 /framework/Web/UI/WebControls | |
parent | 907d785046834eacb492a88a0eab9f349921de8d (diff) |
fix for #341
Diffstat (limited to 'framework/Web/UI/WebControls')
-rw-r--r-- | framework/Web/UI/WebControls/TSafeHtml.php | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/framework/Web/UI/WebControls/TSafeHtml.php b/framework/Web/UI/WebControls/TSafeHtml.php
index f9bcca46..491dde0a 100644
--- a/framework/Web/UI/WebControls/TSafeHtml.php
+++ b/framework/Web/UI/WebControls/TSafeHtml.php
@@ -4,7 +4,7 @@
*
* @author Wei Zhuo <weizhuo[at]gmail[dot]com>
* @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2011 PradoSoft
+ * @copyright Copyright © 2005-2011 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Id$
* @package System.Web.UI.WebControls
@@ -14,7 +14,7 @@
* TSafeHtml class
*
* TSafeHtml is a control that strips down all potentially dangerous
- * HTML content. It is mainly a wrapper of {@link http://pixel-apes.com/safehtml/ SafeHTML}
+ * HTML content. It is mainly a wrapper of {@link http://pear.php.net/package/SafeHTML SafeHTML}
* project. According to the SafeHTML project, it tries to safeguard
* the following situations when the string is to be displayed to end-users,
* - Opening tag without its closing tag
@@ -30,6 +30,9 @@
* To use TSafeHtml, simply enclose the content to be secured within
* the body of TSafeHtml in a template.
*
+ * If the content is encoded in UTF-7, you'll need to enable the {@link setRepackUTF7 RepackUTF7} property
+ * to ensure the contents gets parsed correctly.
+ *
* @author Wei Zhuo <weizhuo[at]gmail[dot]com>
* @version $Id$
* @package System.Web.UI.WebControls
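Review bot: The paragraph added to the class docblock (which starts above this hunk) presents RepackUTF7 only as a parsing aid and does not say what the `false` default means for a control whose purpose is to strip dangerous HTML; the `setRepackUTF7()` docblock in the `@@ -38,6 +41,24 @@` hunk has the same gap. If the repack routine is what lets the parser see markup written as UTF-7 sequences, then with the default such content presumably passes through unexamined, which matters whenever a browser may interpret the response as UTF-7. I would add a sentence such as `With RepackUTF7 off, UTF-7 encoded markup is not decoded before filtering; serve the page with an explicit charset so it cannot be interpreted as UTF-7.` The two docblocks also describe the property differently ("parse the contents as UTF-7" versus "repacks the content as UTF-7 before parsing it"), so one wording should be chosen, and `@param boolean` should name the parameter, `@param boolean $value`.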
@@ -38,6 +41,24 @@ class TSafeHtml extends TControl
{
/**
+ * Sets whether to parse the contents as UTF-7. This property enables a routine
+ * that repacks the content as UTF-7 before parsing it. Defaults to false.
+ * @param boolean whether to parse the contents as UTF-7
+ */
+ public function setRepackUTF7($value)
+ {
+ $this->setViewState('RepackUTF7',TPropertyValue::ensureBoolean($value),false);
+ }
+
+ /**
+ * @return boolean whether to parse the contents as UTF-7. Defaults to false.
+ */
+ public function getRepackUTF7()
+ {
+ return $this->getViewState('RepackUTF7',false);
+ }
+
+ /**
* Renders body content.
* This method overrides parent implementation by removing
* malicious javascript code from the body content
@@ -58,7 +79,7 @@ class TSafeHtml extends TControl
protected function parseSafeHtml($text)
{
$renderer = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
- return $renderer->parse($text);
+ return $renderer->parse($text, $this->getRepackUTF7());
}
}
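Review bot: The second argument now passed in `parseSafeHtml()`, `$renderer->parse($text, $this->getRepackUTF7())`, only takes effect if `TSafeHtmlParser::parse()` declares a matching parameter, and that file is not visible here because the diffstat is limited to framework/Web/UI/WebControls. PHP does not raise an error when a userland method receives extra arguments, so a parser without the parameter would silently ignore the flag and the property would appear to work while changing nothing. It is worth confirming the parser change ships in the same commit and adding a test that runs the same UTF-7 sample through the control with the property on and off.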