2 files changed, 11 insertions, 1 deletions
diff --git a/demos/quickstart/protected/controls/Layout.tpl b/demos/quickstart/protected/controls/Layout.tpl
index 586b30af..9cdc0362 100644
--- a/demos/quickstart/protected/controls/Layout.tpl
+++ b/demos/quickstart/protected/controls/Layout.tpl
@@ -33,6 +33,8 @@
 
 <div id="footer">
 Copyright &copy; 2005-2006 <a href="http://www.pradosoft.com">PradoSoft</a>.
+<br/><br/>
+<a href="http://validator.w3.org/check?uri=referer"><img border="0" src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a>
 </div>
 
 </com:TForm>
diff --git a/framework/Web/UI/WebControls/TTextBox.php b/framework/Web/UI/WebControls/TTextBox.php
index edf74a75..111fec1e 100644
--- a/framework/Web/UI/WebControls/TTextBox.php
+++ b/framework/Web/UI/WebControls/TTextBox.php
@@ -35,6 +35,14 @@
  * also be processed, which can be further restricted within
  * a {@link setValidationGroup ValidationGroup}.
  *
+ * WARNING: Be careful if you want to display the text collected via TTextBox.
+ * Malicious cross-site script may be injected in. You may use {@link getSafeText SafeText}
+ * to prevent this problem.
+ *
+ * NOTE: If you set {@link setWrap Wrap} to false or use {@link setAutoCompleteType AutoCompleteType},
+ * the generated HTML output for the textbox will not be XHTML-compatible.
+ * Currently, no alternatives are available.
+ *
  * @author Qiang Xue <qiang.xue@gmail.com>
  * @version $Revision: $  $Date: $
  * @package System.Web.UI.WebControls
@@ -135,7 +143,7 @@ class TTextBox extends TWebControl implements IPostBackDataHandler, IValidatable
 			$writer->addAttribute('disabled','disabled');
 		if($this->getAutoPostBack() && $page->getClientSupportsJavaScript())
 		{
-			$writer->addAttribute('id',$this->getClientID());			
+			$writer->addAttribute('id',$this->getClientID());
 			$this->getPage()->getClientScript()->registerPostBackControl($this);
 			/*$options = $this->getAutoPostBackOptions();
 			$scripts = $this->getPage()->getClientScript();