[Jifty-commit] r2158 - in jifty/trunk/lib/Jifty/Web: Form
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Wed Nov 15 01:59:32 EST 2006
Author: jesse
Date: Wed Nov 15 01:59:31 2006
New Revision: 2158
Modified:
jifty/trunk/lib/Jifty/Web/Form.pm
jifty/trunk/lib/Jifty/Web/Form/Link.pm
Log:
* Links and Form titles needed to be better escaped
Modified: jifty/trunk/lib/Jifty/Web/Form.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form.pm (original)
+++ jifty/trunk/lib/Jifty/Web/Form.pm Wed Nov 15 01:59:31 2006
@@ -184,10 +184,10 @@
}
}
- my $form_start = qq!<form method="post" action="$ENV{PATH_INFO}"!;
- $form_start .= qq! name="@{[ $self->name ]}"! if defined $self->name;
- $form_start .= qq! autocomplete="off"! if defined $self->disable_autocomplete;
- $form_start .= qq! enctype="multipart/form-data" >\n!;
+ my $form_start = qq!<form method="post" action="! . Jifty->web->escape( $ENV{PATH_INFO} ) . qq!"!;
+ $form_start .= qq! name="@{[ $self->name ]}"! if defined $self->name;
+ $form_start .= qq! autocomplete="off"! if defined $self->disable_autocomplete;
+ $form_start .= qq! enctype="multipart/form-data" >\n!;
Jifty->web->out($form_start);
# Write out state variables early, so that if a form gets
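Review bot: The `name` attribute on the line after the `action` fix is still interpolated raw, so a form name containing `"` or `<` can break out of the attribute even though `action` is now escaped. I would build it the same way: `$form_start .= qq! name="! . Jifty->web->escape( $self->name ) . qq!"! if defined $self->name;`. A short comment above the first line, such as `# PATH_INFO comes from the request; escape it before it goes into an attribute`, would record why the escape is there. The enclosing sub starts and ends outside this hunk, so whether `name` is ever caller-controlled cannot be confirmed from here.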
Modified: jifty/trunk/lib/Jifty/Web/Form/Link.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form/Link.pm (original)
+++ jifty/trunk/lib/Jifty/Web/Form/Link.pm Wed Nov 15 01:59:31 2006
@@ -109,7 +109,7 @@
Jifty->web->out(qq( title="@{[$self->tooltip]}")) if $tooltip;
Jifty->web->out(qq( target="@{[$self->target]}")) if $self->target;
Jifty->web->out(qq( accesskey="@{[$self->key_binding]}")) if $self->key_binding;
- Jifty->web->out(qq( href="@{[$self->url]}"));
+ Jifty->web->out(qq( href="@{[Jifty->web->escape($self->url)]}"));
Jifty->web->out( $self->javascript() );
Jifty->web->out(qq(>$label</a>));
$self->render_key_binding();
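Review bot: Only `href` is escaped here; `title`, `target` and `accesskey` on the three lines above are still written from raw `$self->...` values, and `$label` goes out unescaped on the closing `</a>` line. Unless they are escaped earlier in the sub (`$tooltip` and `$label` are set outside this hunk), they should go through the same call, e.g. `Jifty->web->out(qq( target="@{[Jifty->web->escape($self->target)]}")) if $self->target;`. The title line also tests `$tooltip` but emits `$self->tooltip`, which looks unintended if `$tooltip` is the prepared value. HTML-escaping the URL does not constrain its scheme, so URLs built from untrusted data still need validation where the URL is set.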