Revision: 2484
https://sourceforge.net/p/mrbs/code/2484/
Author: cimorrison
Date: 2012-10-10 12:50:29 +0000 (Wed, 10 Oct 2012)
Log Message:
-----------
Removed HTML escaping from form labels which are trusted and allowed to contain
HTML
Modified Paths:
--------------
mrbs/branches/improved_repeat_interface/web/functions.inc
Modified: mrbs/branches/improved_repeat_interface/web/functions.inc
===================================================================
--- mrbs/branches/improved_repeat_interface/web/functions.inc 2012-10-09
17:49:44 UTC (rev 2483)
+++ mrbs/branches/improved_repeat_interface/web/functions.inc 2012-10-10
12:50:29 UTC (rev 2484)
@@ -481,7 +481,8 @@
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
$html .= "<input type=\"checkbox\" class=\"checkbox\"";
$html .= " id=\"" . $params['name'] . "\" name=\"" . $params['name'] . "\"
value=\"1\"";
$html .= (empty($params['value'])) ? "" : " checked=\"checked\"";
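Review bot: The new `$html = "<label for=..."` line writes `$params['label']` into the page unescaped, and the only statement of why that is safe is the inline comment "it is trusted"; the same change is repeated in the hunks at -537, -604, -671, -737 and -812. Nothing in the visible code enforces that trust, so a caller that builds a label from database or request data (callers are not shown in this diff) would turn this into an HTML injection point. I would put the contract where callers will read it, in each function's header comment: `// $params['label'] is output as raw HTML - pass only developer-controlled markup and htmlspecialchars() any dynamic part before calling`. On the same line `$params['name']` is concatenated unescaped into the `for` attribute; presumably it is always a fixed field name, but that is worth confirming. The enclosing functions start and end outside the hunks, so their existing parameter documentation is not visible here.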
@@ -537,7 +538,8 @@
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
$html .= "<input " . $params['attributes'];
$html .= " id=\"" . $params['name'] . "\" name=\"" . $params['name'] . "\"";
$html .= ($params['disabled']) ? " disabled=\"disabled\"" : '';
@@ -604,7 +606,8 @@
}
}
// generate the HTML
- $html = "<label>" . htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label>" . $params['label'] . "</label>\n";
$html .= "<div class=\"group\">\n";
// Output each radio button
foreach ($params['options'] as $value => $token)
@@ -671,7 +674,8 @@
}
// generate the HTML
- $html = "<label>" . htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label>" . $params['label'] . "</label>\n";
$html .= "<div class=\"group\">\n";
// Output each checkbox
foreach ($params['options'] as $value => $token)
@@ -737,7 +741,8 @@
}
}
// generate the HTML
- $html = "<label for=\"" .$params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label for=\"" .$params['name'] . "\">" . $params['label'] .
"</label>\n";
$html .= "<select id=\"" . $params['name'] . "\" name=\"" . $params['name']
. "\"";
$html .= ($params['disabled']) ? " disabled=\"disabled\"" : "";
$html .= ($params['mandatory']) ? " required aria-required=\"true\"" : "";
@@ -812,7 +817,8 @@
}
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
+ // no HTML escaping for the label - it is trusted
+ $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
// textarea rows and cols are overridden by CSS height and width
$html .= "<textarea id=\"" . $params['name'] . "\" name=\"" .
$params['name'] . "\" rows=\"8\" cols=\"40\"";
$html .= " " . $params['attributes'];