[Jifty-commit] r2158 - in jifty/trunk/lib/Jifty/Web: Form

jifty-commit at lists.jifty.org jifty-commit at lists.jifty.org
Wed Nov 15 01:59:32 EST 2006


Author: jesse
Date: Wed Nov 15 01:59:31 2006
New Revision: 2158

Modified:
   jifty/trunk/lib/Jifty/Web/Form.pm
   jifty/trunk/lib/Jifty/Web/Form/Link.pm

Log:
* Links and Form titles needed to be better escaped

Modified: jifty/trunk/lib/Jifty/Web/Form.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form.pm	(original)
+++ jifty/trunk/lib/Jifty/Web/Form.pm	Wed Nov 15 01:59:31 2006
@@ -184,10 +184,10 @@
         }
     }
 
-    my $form_start = qq!<form method="post" action="$ENV{PATH_INFO}"!;
-    $form_start   .= qq! name="@{[ $self->name ]}"! if defined $self->name;
-    $form_start   .= qq! autocomplete="off"! if defined $self->disable_autocomplete;
-    $form_start   .= qq! enctype="multipart/form-data" >\n!;
+    my $form_start = qq!<form method="post" action="!  . Jifty->web->escape( $ENV{PATH_INFO} ) . qq!"!;
+    $form_start .= qq! name="@{[ $self->name ]}"! if defined $self->name;
+    $form_start .= qq! autocomplete="off"!  if defined $self->disable_autocomplete;
+    $form_start .= qq! enctype="multipart/form-data" >\n!;
     Jifty->web->out($form_start);
 
     # Write out state variables early, so that if a form gets
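Review bot: The `name` attribute two lines below the escaped `action` is still interpolated raw (`name="@{[ $self->name ]}"`), so a form name containing a double quote or angle bracket would break out of the attribute the same way PATH_INFO could. Route it through the same helper: `$form_start .= qq! name="! . Jifty->web->escape( $self->name ) . qq!"! if defined $self->name;`. The Link.pm hunk has the same gap on its `title`, `target` and `accesskey` lines, which are emitted without `escape()` although the log message mentions titles. The enclosing method starts and ends outside this hunk, so whether `name` is validated before this point cannot be seen here.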

Modified: jifty/trunk/lib/Jifty/Web/Form/Link.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form/Link.pm	(original)
+++ jifty/trunk/lib/Jifty/Web/Form/Link.pm	Wed Nov 15 01:59:31 2006
@@ -109,7 +109,7 @@
     Jifty->web->out(qq( title="@{[$self->tooltip]}")) if $tooltip;
     Jifty->web->out(qq( target="@{[$self->target]}")) if $self->target;
     Jifty->web->out(qq( accesskey="@{[$self->key_binding]}")) if $self->key_binding;
-    Jifty->web->out(qq( href="@{[$self->url]}"));
+    Jifty->web->out(qq( href="@{[Jifty->web->escape($self->url)]}"));
     Jifty->web->out( $self->javascript() );
     Jifty->web->out(qq(>$label</a>));
     $self->render_key_binding();
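Review bot: Escaping `$self->url` on the `href` line prevents attribute breakout (assuming `escape()` does HTML entity encoding) but does not restrict the URL scheme, so a `javascript:` or `data:` value would still render as a live link if the URL can ever come from request data. If that is possible, check the scheme against an allow-list (for example `http`, `https`, `mailto` and relative paths) before output, and add a comment such as `# escape() only protects the attribute context; scheme is validated above`. `$label` in `qq(>$label</a>)` is also written unmodified; it is presumably escaped before the hunk begins, which is worth confirming because the method body lies outside the visible lines.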

