From 3192eb5cafef46ed5203a8cb2f7ae885e5693a47 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Mon, 27 Mar 2006 03:40:01 +0000
Subject: Added demos for TExpression, TStatements, TSafeHtml and TTextHighlighter.
---
 framework/Web/UI/WebControls/TSafeHtml.php | 21 +++++++++++++++++++--
 framework/Web/UI/WebControls/TTextHighlighter.php | 6 +++---
 2 files changed, 22 insertions(+), 5 deletions(-)
(limited to 'framework')
diff --git a/framework/Web/UI/WebControls/TSafeHtml.php b/framework/Web/UI/WebControls/TSafeHtml.php
index 432cb104..a625a84d 100644
--- a/framework/Web/UI/WebControls/TSafeHtml.php
+++ b/framework/Web/UI/WebControls/TSafeHtml.php
@@ -13,6 +13,23 @@
 /**
 * TSafeHtml class
 *
+ * TSafeHtml is a control that strips down all potentially dangerous
+ * HTML content. It is mainly a wrapper of {@link http://pixel-apes.com/safehtml/ SafeHTML}
+ * project. According to the SafeHTML project, it tries to safeguard
+ * the following situations when the string is to be displayed to end-users,
+ * - Opening tag without its closing tag
+ * - closing tag without its opening tag
+ * - any of these tags: base, basefont, head, html, body, applet, object,
+ * iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link,
+ * meta, style, title, blink, xml, etc.
+ * - any of these attributes: on*, data*, dynsrc
+ * - javascript:/vbscript:/about: etc. protocols
+ * - expression/behavior etc. in styles
+ * - any other active content.
+ *
+ * To use TSafeHtml, simply enclose the content to be secured within
+ * the body of TSafeHtml in a template.
+ *
 * @author Wei Zhuo
 * @version $Revision: $ $Date: $
 * @package System.Web.UI.WebControls
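Review bot: The added class docblock opens with "strips down all potentially dangerous HTML content", which reads as a complete guarantee, while the list that follows enumerates known-bad tags, attributes and protocols and ends in "etc.". I would add a caveat after the list, for example `* Note: the result is only as complete as the bundled SafeHTML filter, and it is meant for HTML body content, not for values placed inside attributes, scripts or URLs.` It would also help to name the SafeHTML version that the wrapper ships with, so readers can tell when the filter rules were last updated.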
@@ -26,10 +43,10 @@ class TSafeHtml extends TControl
 * malicious javascript code from the body content
 * @param THtmlWriter writer
 */
- public function renderContents($writer)
+ public function render($writer)
 {
 $textWriter=new TTextWriter;
- parent::renderContents(new THtmlWriter($textWriter));
+ parent::render(new THtmlWriter($textWriter));
 $writer->write($this->parseSafeHtml($textWriter->flush()));
 }

diff --git a/framework/Web/UI/WebControls/TTextHighlighter.php b/framework/Web/UI/WebControls/TTextHighlighter.php
index 6fb1ddbb..f5c3eca9 100644
--- a/framework/Web/UI/WebControls/TTextHighlighter.php
+++ b/framework/Web/UI/WebControls/TTextHighlighter.php
@@ -131,11 +131,11 @@ class TTextHighlighter extends TWebControl
 }

 /**
- * @return boolean true will show "Copy Code" link
+ * @return boolean true will show "Copy Code" link. Defaults to false.
 */
 public function getEnableCopyCode()
 {
- return $this->getViewState('CopyCode', true);
+ return $this->getViewState('CopyCode', false);
 }

 /**
@@ -143,7 +143,7 @@ class TTextHighlighter extends TWebControl
 */
 public function setEnableCopyCode($value)
 {
- $this->setViewState('CopyCode', TPropertyValue::ensureBoolean($value), true);
+ $this->setViewState('CopyCode', TPropertyValue::ensureBoolean($value), false);
 }

 /**
-- 
cgit v1.2.3
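Review bot: Filtering in `TSafeHtml::render()` now depends on `render()` being the only path by which this control's children reach the page. TControl is not visible in this hunk, so this is something to confirm: if any caller renders the children directly, the body would be written without passing through `parseSafeHtml()`. The method docblock, which starts outside the hunk, should state the contract, e.g. `* Overrides the parent render so that all child output is buffered and filtered before it is written.` A regression test that renders a TSafeHtml whose body contains a `<script>` element and asserts it is absent from the output would pin the renamed override.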
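Review bot: The new default `false` is written as a separate literal in `getEnableCopyCode()` and, in the following hunk, in `setEnableCopyCode()`, and the two have to stay identical for the view-state round trip to be correct (presumably `setViewState` drops a value equal to the default passed as its third argument). A comment on the setter line such as `// third argument must match the default in getEnableCopyCode()` would keep them from drifting apart. The flip from `true` to `false` also changes what existing templates render and is not mentioned in the commit subject, so it deserves a changelog entry. The setter's docblock starts outside its hunk and may need the same "Defaults to false" wording.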