From e4a486b62af0895fd690588129de1190ebf7bd12 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Wed, 18 Jan 2006 19:13:01 +0000
Subject:
---
demos/quickstart/protected/controls/Layout.tpl | 2 ++
framework/Web/UI/WebControls/TTextBox.php | 10 +++++++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/demos/quickstart/protected/controls/Layout.tpl b/demos/quickstart/protected/controls/Layout.tpl
index 586b30af..9cdc0362 100644
--- a/demos/quickstart/protected/controls/Layout.tpl
+++ b/demos/quickstart/protected/controls/Layout.tpl
@@ -33,6 +33,8 @@
diff --git a/framework/Web/UI/WebControls/TTextBox.php b/framework/Web/UI/WebControls/TTextBox.php
index edf74a75..111fec1e 100644
--- a/framework/Web/UI/WebControls/TTextBox.php
+++ b/framework/Web/UI/WebControls/TTextBox.php
@@ -35,6 +35,14 @@
* also be processed, which can be further restricted within
* a {@link setValidationGroup ValidationGroup}.
*
+ * WARNING: Be careful if you want to display the text collected via TTextBox.
+ * Malicious cross-site script may be injected in. You may use {@link getSafeText SafeText}
+ * to prevent this problem.
+ *
+ * NOTE: If you set {@link setWrap Wrap} to false or use {@link setAutoCompleteType AutoCompleteType},
+ * the generated HTML output for the textbox will not be XHTML-compatible.
+ * Currently, no alternatives are available.
+ *
* @author Qiang Xue
* @version $Revision: $ $Date: $
* @package System.Web.UI.WebControls
@@ -135,7 +143,7 @@ class TTextBox extends TWebControl implements IPostBackDataHandler, IValidatable
$writer->addAttribute('disabled','disabled');
if($this->getAutoPostBack() && $page->getClientSupportsJavaScript())
{
- $writer->addAttribute('id',$this->getClientID());
+ $writer->addAttribute('id',$this->getClientID());
$this->getPage()->getClientScript()->registerPostBackControl($this);
/*$options = $this->getAutoPostBackOptions();
$scripts = $this->getPage()->getClientScript();
--
cgit v1.2.3