From 3192eb5cafef46ed5203a8cb2f7ae885e5693a47 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Mon, 27 Mar 2006 03:40:01 +0000
Subject: Added demos for TExpression, TStatements, TSafeHtml and TTextHighlighter.
---
 .gitattributes | 4 +++
 HISTORY | 2 ++
 UPGRADE | 3 ++-
 .../protected/pages/Controls/Expression.page | 2 ++
 .../protected/pages/Controls/SafeHtml.page | 19 ++++++++++++++
 .../pages/Controls/Samples/TExpression/Home.page | 21 ++++++++++++++++
 .../pages/Controls/Samples/TSafeHtml/Home.page | 25 +++++++++++++++++++
 .../pages/Controls/Samples/TStatements/Home.page | 29 ++++++++++++++++++++++
 .../Controls/Samples/TTextHighlighter/Home.page | 29 ++++++++++++++++++++++
 .../protected/pages/Controls/Standard.page | 2 +-
 .../protected/pages/Controls/Statements.page | 2 ++
 .../protected/pages/Controls/TextHighlighter.page | 12 +--------
 framework/Web/UI/WebControls/TSafeHtml.php | 21 ++++++++++++++--
 framework/Web/UI/WebControls/TTextHighlighter.php | 6 ++---
 14 files changed, 159 insertions(+), 18 deletions(-)
 create mode 100644 demos/quickstart/protected/pages/Controls/Samples/TExpression/Home.page
 create mode 100644 demos/quickstart/protected/pages/Controls/Samples/TSafeHtml/Home.page
 create mode 100644 demos/quickstart/protected/pages/Controls/Samples/TStatements/Home.page
 create mode 100644 demos/quickstart/protected/pages/Controls/Samples/TTextHighlighter/Home.page
diff --git a/.gitattributes b/.gitattributes
index 27aea6ff..bfe295c5 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -186,6 +186,7 @@ demos/quickstart/protected/pages/Controls/Samples/TDropDownList/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TDropDownList/Home.php -text
 demos/quickstart/protected/pages/Controls/Samples/TEmailAddressValidator/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TEmailAddressValidator/Home.php -text
+demos/quickstart/protected/pages/Controls/Samples/TExpression/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/THyperLink/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/THyperLink/hello_world.gif -text
 demos/quickstart/protected/pages/Controls/Samples/TImage/HelloWorld.html -text
@@ -218,11 +219,14 @@ demos/quickstart/protected/pages/Controls/Samples/TRepeater/Sample3.page -text
 demos/quickstart/protected/pages/Controls/Samples/TRepeater/Sample3.php -text
 demos/quickstart/protected/pages/Controls/Samples/TRequiredFieldValidator/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TRequiredFieldValidator/Home.php -text
+demos/quickstart/protected/pages/Controls/Samples/TSafeHtml/Home.page -text
+demos/quickstart/protected/pages/Controls/Samples/TStatements/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TTable/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TTable/Home.php -text
 demos/quickstart/protected/pages/Controls/Samples/TTable/backimage.gif -text
 demos/quickstart/protected/pages/Controls/Samples/TTextBox/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TTextBox/Home.php -text
+demos/quickstart/protected/pages/Controls/Samples/TTextHighlighter/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TValidationSummary/Home.page -text
 demos/quickstart/protected/pages/Controls/Samples/TValidationSummary/Home.php -text
 demos/quickstart/protected/pages/Controls/Samples/TWizard/Sample1.page -text
diff --git a/HISTORY b/HISTORY
index 6ac5f3fa..5bae4e3e 100644
--- a/HISTORY
+++ b/HISTORY
@@ -7,6 +7,8 @@ BUG: Ticket#95 - Typo in TTemplateControl::registerContentPlaceHolder (Qiang) BUG: SF#1446846 - Typo in THead (Qiang) BUG: SF#1432624 - Incorrect documentation about caching expiry (Qiang) BUG: THttpSession fails when user storage module is used (Qiang) +CHG: TTextHighlighter.EnableCopyCode defaults to false (Qiang) +CHG: Reorganized quickstart tutorial demo, added new sections (Qiang) ENH: TDataFieldAccessor can access public class variables (Qiang) ENH: Pagers in TDataGrid are now enclosed within panels (Qiang) ENH: Ticket#92 - Support for user exception message file (Qiang) diff --git a/UPGRADE b/UPGRADE index 4940d832..2bfc8c53 100644 --- a/UPGRADE +++ b/UPGRADE @@ -10,9 +10,10 @@ for both A and B. Upgrading from v3.0b -------------------- -- THttpSession.Storage is changed to UseCustomStorage +- THttpSession.UseCustomStorage replaces the previous Storage. - Pagers in TDataGrid are now enclosed within panels. The event indicating their creation is changed to OnPagerCreated instead of OnItemCreated. +- TTextHighlighter.EnableCopyCode defaults to false now. Upgrading from v3.0a -------------------- diff --git a/demos/quickstart/protected/pages/Controls/Expression.page b/demos/quickstart/protected/pages/Controls/Expression.page index efa1ab7a..c87f0ba4 100644 --- a/demos/quickstart/protected/pages/Controls/Expression.page +++ b/demos/quickstart/protected/pages/Controls/Expression.page @@ -27,4 +27,6 @@ The context of the expression in a TExpression control is the control i Be aware, since TExpression allows execution of arbitrary PHP code, in general you should not use it to evaluate expressions submitted by your application users.

+ + \ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/SafeHtml.page b/demos/quickstart/protected/pages/Controls/SafeHtml.page index 16561672..565c8251 100644 --- a/demos/quickstart/protected/pages/Controls/SafeHtml.page +++ b/demos/quickstart/protected/pages/Controls/SafeHtml.page @@ -3,4 +3,23 @@

TSafeHtml

+

+TSafeHtml is a control that strips down all potentially dangerous HTML content. It is mainly a wrapper of the SafeHTML project. According to the SafeHTML project, it tries to safeguard the following situations when the string is to be displayed to end-users: +

+ + +

+To use TSafeHtml, simply enclose the content to be secured within the TSafeHtml component tag in a template. The content may consist of both static text and PRADO controls. If the latter, the rendering result of the controls will be secured. +

+ + + \ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/Samples/TExpression/Home.page b/demos/quickstart/protected/pages/Controls/Samples/TExpression/Home.page new file mode 100644 index 00000000..2273f3c1 --- /dev/null +++ b/demos/quickstart/protected/pages/Controls/Samples/TExpression/Home.page @@ -0,0 +1,21 @@ + + +

TExpression Sample

+ + + + + + + +
+Using expression component tag: + + +
+Using shortcut expression tag: + +<%= $this->Page->PagePath %> +
+ +
\ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/Samples/TSafeHtml/Home.page b/demos/quickstart/protected/pages/Controls/Samples/TSafeHtml/Home.page new file mode 100644 index 00000000..88f8e162 --- /dev/null +++ b/demos/quickstart/protected/pages/Controls/Samples/TSafeHtml/Home.page @@ -0,0 +1,25 @@ + + +

TSafeHtml Samples

+ + + + + + + +
+Safeguard a static string: + + + javascript link stripped + +
+Safeguard the control rendering results: + + + + +
+ +
\ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/Samples/TStatements/Home.page b/demos/quickstart/protected/pages/Controls/Samples/TStatements/Home.page new file mode 100644 index 00000000..66734ce0 --- /dev/null +++ b/demos/quickstart/protected/pages/Controls/Samples/TStatements/Home.page @@ -0,0 +1,29 @@ + + +

TStatements Sample

+ + + + + + + +
+Using TStatements component tag: + + + + $uid=$this->UniqueID; + echo "UniqueID is '$uid'."; + + +
+Using shortcut statements tag: + +<%% + $uid=$this->UniqueID; + echo "UniqueID is '$uid'."; +%> +
+ +
\ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/Samples/TTextHighlighter/Home.page b/demos/quickstart/protected/pages/Controls/Samples/TTextHighlighter/Home.page new file mode 100644 index 00000000..f220ce84 --- /dev/null +++ b/demos/quickstart/protected/pages/Controls/Samples/TTextHighlighter/Home.page @@ -0,0 +1,29 @@ + + +

TTextHighlighter Samples

+ + + + + + + +
+Highlighting PHP statements: + + + + +
+Highlighting control rendering results: + + + + +
+ +
\ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/Standard.page b/demos/quickstart/protected/pages/Controls/Standard.page index 11c8eaec..d6070986 100644 --- a/demos/quickstart/protected/pages/Controls/Standard.page +++ b/demos/quickstart/protected/pages/Controls/Standard.page @@ -91,7 +91,7 @@ TRadioButton represents a radiobutton on a Web page. It is mainly used in a group from which users make a choice. -
  • * +
  • TSafeHtml displays its body content with assurance that the content contain no harmful code (such as XSS).
  • diff --git a/demos/quickstart/protected/pages/Controls/Statements.page b/demos/quickstart/protected/pages/Controls/Statements.page index f37f1dc4..c6807738 100644 --- a/demos/quickstart/protected/pages/Controls/Statements.page +++ b/demos/quickstart/protected/pages/Controls/Statements.page @@ -38,4 +38,6 @@ The context of the statements in a TStatements control is the control i Be aware, since TStatements allows execution of arbitrary PHP code, in general you should not use it to evaluate PHP code submitted by your application users.

    + + \ No newline at end of file diff --git a/demos/quickstart/protected/pages/Controls/TextHighlighter.page b/demos/quickstart/protected/pages/Controls/TextHighlighter.page index 23c33b75..40806b02 100644 --- a/demos/quickstart/protected/pages/Controls/TextHighlighter.page +++ b/demos/quickstart/protected/pages/Controls/TextHighlighter.page @@ -21,16 +21,6 @@ print_r(explode('|', $str, 2)); // will output an array </com:TTextHighlighter> -

    -The output will look as follows, -

    -
    - - - -
+
\ No newline at end of file
diff --git a/framework/Web/UI/WebControls/TSafeHtml.php b/framework/Web/UI/WebControls/TSafeHtml.php
index 432cb104..a625a84d 100644
--- a/framework/Web/UI/WebControls/TSafeHtml.php
+++ b/framework/Web/UI/WebControls/TSafeHtml.php
@@ -13,6 +13,23 @@
 /**
 * TSafeHtml class
 *
+ * TSafeHtml is a control that strips down all potentially dangerous
+ * HTML content. It is mainly a wrapper of {@link http://pixel-apes.com/safehtml/ SafeHTML}
+ * project. According to the SafeHTML project, it tries to safeguard
+ * the following situations when the string is to be displayed to end-users,
+ * - Opening tag without its closing tag
+ * - closing tag without its opening tag
+ * - any of these tags: base, basefont, head, html, body, applet, object,
+ * iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link,
+ * meta, style, title, blink, xml, etc.
+ * - any of these attributes: on*, data*, dynsrc
+ * - javascript:/vbscript:/about: etc. protocols
+ * - expression/behavior etc. in styles
+ * - any other active content.
+ *
+ * To use TSafeHtml, simply enclose the content to be secured within
+ * the body of TSafeHtml in a template.
+ *
 * @author Wei Zhuo
 * @version $Revision: $ $Date: $
 * @package System.Web.UI.WebControls
@@ -26,10 +43,10 @@ class TSafeHtml extends TControl
 * malicious javascript code from the body content
 * @param THtmlWriter writer
 */
- public function renderContents($writer)
+ public function render($writer)
 {
 $textWriter=new TTextWriter;
- parent::renderContents(new THtmlWriter($textWriter));
+ parent::render(new THtmlWriter($textWriter));
 $writer->write($this->parseSafeHtml($textWriter->flush()));
 }
diff --git a/framework/Web/UI/WebControls/TTextHighlighter.php b/framework/Web/UI/WebControls/TTextHighlighter.php
index 6fb1ddbb..f5c3eca9 100644
--- a/framework/Web/UI/WebControls/TTextHighlighter.php
+++ b/framework/Web/UI/WebControls/TTextHighlighter.php
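Review bot: The opening sentence of the new class docblock, "strips down all potentially dangerous HTML content", promises more than the list beneath it supports. That list enumerates blocked tags, attributes and URL schemes taken from the SafeHTML project, so the control is a filter for known-dangerous markup rather than a guarantee. I would reword the first sentence along the lines of `TSafeHtml passes its rendered output through SafeHTML to remove known-dangerous markup.` and add one line saying that values which need no HTML at all should still be HTML-encoded instead of being wrapped in this control.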
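Review bot: The method docblock kept as context above `render($writer)` still says the code is stripped "from the body content", which no longer matches an override that buffers and filters everything `parent::render()` emits. This method is the one place where unfiltered markup becomes filtered output, so the comment should state that, for example `Renders the control into a temporary writer and writes only the SafeHTML-filtered result to $writer.` It is also worth noting there that output written to `$writer` by any other path does not pass through `parseSafeHtml()`. The docblock begins above the hunk and `parseSafeHtml()` is not shown, so its behaviour is assumed from its name.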
@@ -131,11 +131,11 @@ class TTextHighlighter extends TWebControl
 }
 /**
- * @return boolean true will show "Copy Code" link
+ * @return boolean true will show "Copy Code" link. Defaults to false.
 */
 public function getEnableCopyCode()
 {
- return $this->getViewState('CopyCode', true);
+ return $this->getViewState('CopyCode', false);
 }
 /**
@@ -143,7 +143,7 @@ class TTextHighlighter extends TWebControl
 */
 public function setEnableCopyCode($value)
 {
- $this->setViewState('CopyCode', TPropertyValue::ensureBoolean($value), true);
+ $this->setViewState('CopyCode', TPropertyValue::ensureBoolean($value), false);
 }
 /**
-- 
cgit v1.2.3
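Review bot: The default for `CopyCode` is now written twice, as the literal `false` in `getEnableCopyCode()` and again as the third argument of `setViewState()` in `setEnableCopyCode()` (second hunk). The two values have to stay equal: if the view-state helper skips storing a value that equals the passed default, as this pattern suggests, a mismatch would make an explicit setting read back wrong. A comment on the setter line such as `// default must match getEnableCopyCode()` would make the coupling visible, and a shared class constant would enforce it. The setter's docblock lies above the second hunk and is not visible here, so it should be checked for a leftover mention of the old default.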