diff options
| author | xue <> | 2006-05-30 03:26:33 +0000 |
|---|---|---|
| committer | xue <> | 2006-05-30 03:26:33 +0000 |
| commit | 6e0338629774fffe5fbe7136dfce34ce83844a5c (patch) | |
| tree | 9520eaa7c3c278b5ebf525a0d1e09f0a4cdf7779 /framework | |
| parent | 7f508e187e4539a16cdbb1dd6a4b1133c53cf24d (diff) | |
Blog demo is completed.
Diffstat (limited to 'framework')
| -rw-r--r-- | framework/Web/UI/WebControls/THyperLink.php | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/framework/Web/UI/WebControls/THyperLink.php b/framework/Web/UI/WebControls/THyperLink.php index 1a5db69d..5489727c 100644 --- a/framework/Web/UI/WebControls/THyperLink.php +++ b/framework/Web/UI/WebControls/THyperLink.php @@ -22,10 +22,6 @@ * If both {@link getImageUrl ImageUrl} and {@link getText Text} are empty,
* the content enclosed within the control tag will be rendered.
*
- * Note, {@link getText Text} is not HTML-encoded when displayed.
- * Make sure it does not contain unwanted characters that may bring
- * security vulnerabilities.
- *
* @author Qiang Xue <qiang.xue@gmail.com>
* @version $Revision: $ $Date: $
* @package System.Web.UI.WebControls
@@ -66,7 +62,7 @@ class THyperLink extends TWebControl if(($imageUrl=$this->getImageUrl())==='')
{
if(($text=$this->getText())!=='')
- $writer->write($text);
+ $writer->write(THttpUtility::htmlEncode($text));
else
parent::renderContents($writer);
}
@@ -77,7 +73,7 @@ class THyperLink extends TWebControl if(($toolTip=$this->getToolTip())!=='')
$image->setToolTip($toolTip);
if(($text=$this->getText())!=='')
- $image->setAlternateText($text);
+ $image->setAlternateText(THttpUtility::htmlEncode($text));
$image->renderControl($writer);
}
}
|