silverstripe-framework/forms
Ingo Schommer 1661213e5b FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
gridfield FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 16:59:34 +12:00
AjaxUniqueTextField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
CheckboxField.php Correct line length and indentation 2013-08-21 21:27:16 +12:00
CheckboxSetField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
ComplexTableField.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 16:59:34 +12:00
CompositeField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
ConfirmedPasswordField.php FIX: ConfirmedPasswordField used to expose existing hash 2014-04-17 11:57:57 +12:00
CountryDropdownField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
CreditCardField.php BUG Fixing tabindex added to CreditCardField when tabindex is NULL 2013-09-24 21:40:17 +02:00
CurrencyField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
DatalessField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
DateField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
DatetimeField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
DisabledTransformation.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
DropdownField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
EmailField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
FieldGroup.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
FieldList.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
FieldSet.php MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
FileField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
FileIFrameField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
Form.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 16:59:34 +12:00
FormAction.php Removing redundant function 2013-02-18 16:38:15 +00:00
FormField.php FIX Opt-out of form message escaping (fixes #2796) 2014-08-22 16:59:34 +12:00
FormScaffolder.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
FormTransformation.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
GroupedDropdownField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
HasManyComplexTableField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
HasOneComplexTableField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
HeaderField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
HiddenField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
HtmlEditorConfig.php API Disable discontinued Google Spellcheck in TinyMCE 2013-08-03 16:16:45 +02:00
HtmlEditorField.php FIX "Insert Link" and other TinyMCE loading bugs (fixes #8327) 2013-03-20 17:58:17 +01:00
ImageField.php Fixing misleading ImageField deprecation message 2012-10-11 15:40:55 +13:00
ImageFormAction.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
InlineFormAction.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
LabelField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
ListboxField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
LiteralField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
LookupField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
ManyManyComplexTableField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
MemberDatetimeOptionsetField.php BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
MoneyField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
NestedForm.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
NullableField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
NumericField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
OptionsetField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
PasswordField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
PhoneNumberField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
PrintableTransformation.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
ReadonlyField.php NEW: Add ReadonlyField::setIncludeHiddenField() 2013-01-08 17:45:17 +13:00
ReadonlyTransformation.php Clean up trailing ?> per coding standard 2012-02-12 12:40:16 -08:00
RequiredFields.php FIX: Removed notice-level error after forms w/ required fields are made readonly. 2013-01-29 18:03:47 +01:00
ResetFormAction.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
SelectionGroup.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
SimpleImageField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Tab.php ENHANCEMENT addExtraClass() support for Tab and TabSet 2012-05-08 11:25:44 +02:00
TableField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
TableListField.php Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
TabSet.php BUG Remove .ss-tabset class from CMS tabs to prevent rogue ajax load (#7980) 2012-11-01 00:25:13 +01:00
TabularStyle.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
TextareaField.php Update forms/TextareaField.php 2012-12-26 22:29:36 +13:00
TextField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
TimeField.php BUG TimeField respects user choice (fixes #8260) 2013-02-17 21:00:02 +01:00
ToggleCompositeField.php Fluent interface for ToggleCompositeField 2012-07-15 21:28:09 +02:00
ToggleField.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
TreeDropdownField.php FIX Auto-escape titles in TreeDropdownField 2013-09-24 21:40:17 +02:00
TreeMultiselectField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
UploadField.php Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Validator.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00