From 75f28186a995aa930f6db9f05ec7b63bbd2cd284 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Tue, 30 May 2006 03:30:14 +0000
Subject: Merge from 3.0 branch till 1103
---
 framework/Web/UI/WebControls/THyperLink.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
(limited to 'framework/Web/UI/WebControls')
diff --git a/framework/Web/UI/WebControls/THyperLink.php b/framework/Web/UI/WebControls/THyperLink.php
index 1a5db69d..5489727c 100644
--- a/framework/Web/UI/WebControls/THyperLink.php
+++ b/framework/Web/UI/WebControls/THyperLink.php
@@ -22,10 +22,6 @@
 * If both {@link getImageUrl ImageUrl} and {@link getText Text} are empty,
 * the content enclosed within the control tag will be rendered.
 *
- * Note, {@link getText Text} is not HTML-encoded when displayed.
- * Make sure it does not contain unwanted characters that may bring
- * security vulnerabilities.
- *
 * @author Qiang Xue
 * @version $Revision: $ $Date: $
 * @package System.Web.UI.WebControls
@@ -66,7 +62,7 @@ class THyperLink extends TWebControl
 if(($imageUrl=$this->getImageUrl())==='')
 {
 if(($text=$this->getText())!=='')
- $writer->write($text);
+ $writer->write(THttpUtility::htmlEncode($text));
 else
 parent::renderContents($writer);
 }
@@ -77,7 +73,7 @@ class THyperLink extends TWebControl
 if(($toolTip=$this->getToolTip())!=='')
 $image->setToolTip($toolTip);
 if(($text=$this->getText())!=='')
- $image->setAlternateText($text);
+ $image->setAlternateText(THttpUtility::htmlEncode($text));
 $image->renderControl($writer);
 }
 }
--
cgit v1.2.3
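Review bot: The new contract for Text is undocumented: `$writer->write(THttpUtility::htmlEncode($text))` in the -66,7 hunk means markup that templates previously placed in Text is now rendered escaped, and the first hunk removed the only class-comment sentence describing how Text is treated. I would replace the removed warning with `* Note, {@link getText Text} is HTML-encoded before it is rendered; put markup in the control body instead.` The `else` branch still renders body content through `parent::renderContents($writer)`, so that path remains available for markup. The enclosing method starts outside the hunk.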
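Review bot: The alt text and the tool tip are now handled inconsistently in the -77,7 hunk: `$text` is wrapped in `THttpUtility::htmlEncode()` before `setAlternateText()`, while two lines above `setToolTip($toolTip)` still receives the raw value. If the image control or the HTML writer already encodes attribute values at render time (not visible here, so this needs checking), the alt text will be encoded twice and `A & B` would show up as `A &amp;amp; B`; if they do not, the tool tip is left unencoded and needs the same treatment. Both attributes should take the same path, for example `$image->setAlternateText($text);` with encoding left to the attribute renderer, or `$image->setToolTip(THttpUtility::htmlEncode($toolTip));` if no downstream encoding exists. The enclosing method starts outside the hunk.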