mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-23 07:09:20 +01:00
Avoid XSS by using CSS to keep line breaks intact instead.
This commit is contained in:
parent
52933ba6c3
commit
0fa6386b1c
@ -235,12 +235,7 @@ var et2_textbox_ro = et2_valueWidget.extend([et2_IDetachedDOM],
|
||||
{
|
||||
_value = "";
|
||||
}
|
||||
else
|
||||
{
|
||||
_value = _value.replace(/\n/g,'<br />');
|
||||
}
|
||||
// Use html() or the <br /> gets stripped
|
||||
this.span.html(_value);
|
||||
this.span.text(_value);
|
||||
},
|
||||
/**
|
||||
* Code for implementing et2_IDetachedDOM
|
||||
|
@ -238,6 +238,9 @@ button.et2_button_text:focus, input[type=button]:focus {
|
||||
.et2_textbox {
|
||||
resize: none;
|
||||
}
|
||||
.et2_textbox_ro {
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
||||
.et2_bold {
|
||||
font-weight: bold;
|
||||
@ -678,10 +681,10 @@ ul.et2_vfs {
|
||||
/**
|
||||
* Validation
|
||||
*/
|
||||
input[required] {
|
||||
[required] {
|
||||
background-color: #ffffd0;
|
||||
}
|
||||
input.invalid {
|
||||
.invalid {
|
||||
border: 1px solid #a6261d;
|
||||
background-color: #faecec;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user