Diffstat (limited to 'framework')
-rw-r--r-- | framework/Web/UI/WebControls/THyperLink.php | 8 | ||||
-rw-r--r-- | framework/Xml/TXmlDocument.php | 4 |
2 files changed, 4 insertions, 8 deletions
diff --git a/framework/Web/UI/WebControls/THyperLink.php b/framework/Web/UI/WebControls/THyperLink.php
index 1a5db69d..5489727c 100644
--- a/framework/Web/UI/WebControls/THyperLink.php
+++ b/framework/Web/UI/WebControls/THyperLink.php
@@ -22,10 +22,6 @@
* If both {@link getImageUrl ImageUrl} and {@link getText Text} are empty,
* the content enclosed within the control tag will be rendered.
*
- * Note, {@link getText Text} is not HTML-encoded when displayed.
- * Make sure it does not contain unwanted characters that may bring
- * security vulnerabilities.
- *
* @author Qiang Xue <qiang.xue@gmail.com>
* @version $Revision: $ $Date: $
* @package System.Web.UI.WebControls
@@ -66,7 +62,7 @@ class THyperLink extends TWebControl
if(($imageUrl=$this->getImageUrl())==='')
{
if(($text=$this->getText())!=='')
- $writer->write($text);
+ $writer->write(THttpUtility::htmlEncode($text));
else
parent::renderContents($writer);
}
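Review bot: Encoding Text at `$writer->write(THttpUtility::htmlEncode($text));` changes the output for any caller that put markup into Text, or that encoded the value itself because the old docblock said it was not encoded; those callers now get escaped or double-escaped link text. The class docblock note was deleted rather than replaced, so nothing states the new contract. I would put a line back, such as `* Note, {@link getText Text} is HTML-encoded when rendered; put markup in the control body instead.` The enclosing method begins before this hunk.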
@@ -77,7 +73,7 @@ class THyperLink extends TWebControl
if(($toolTip=$this->getToolTip())!=='')
$image->setToolTip($toolTip);
if(($text=$this->getText())!=='')
- $image->setAlternateText($text);
+ $image->setAlternateText(THttpUtility::htmlEncode($text));
$image->renderControl($writer);
}
}
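Review bot: The alternate text is encoded when it is assigned to the image (`setAlternateText(THttpUtility::htmlEncode($text))`) rather than where the attribute is written, while the tooltip two lines above still goes to `setToolTip($toolTip)` unencoded. One of the two is likely wrong. If the image control or the writer already encodes attribute values on render (not visible here), an `&` in Text ends up as `&amp;amp;` in the markup; if it does not, the tooltip is still written out unencoded. Please confirm against the image control's attribute rendering and encode only at the output point, i.e. keep `$image->setAlternateText($text);` if the writer encodes. The method starts outside this hunk.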
diff --git a/framework/Xml/TXmlDocument.php b/framework/Xml/TXmlDocument.php
index 46181761..ab4b0b7a 100644
--- a/framework/Xml/TXmlDocument.php
+++ b/framework/Xml/TXmlDocument.php
@@ -35,11 +35,11 @@ class TXmlElement extends TComponent
/**
* @var string tagname of this element
*/
- private $_tagName;
+ private $_tagName='unknown';
/**
* @var string text enclosed between openning and closing tags of this element
*/
- private $_value;
+ private $_value='';
/**
* @var TXmlElementList list of child elements of this element
*/ |
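Review bot: The `'unknown'` default on `$_tagName` is itself a valid element name, so an element whose tag name was never set would presumably serialize as a real-looking `unknown` element instead of being detectable as uninitialized. The `@var` comments do not mention either new default. I would at least document them, e.g. `@var string tagname of this element, defaults to 'unknown'` and `@var string text enclosed between opening and closing tags of this element, defaults to ''`. The class body continues outside this hunk, so whether a constructor always overrides the default cannot be confirmed here.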