Using `Json::htmlEncode()` for safer JSON data encoding in HTML code

tags/2.0.4
Qiang Xue 10 years ago
parent
commit
898682b04c
  1. CHANGELOG.md (1 changed line)
  2. Widget.php (2 changed lines)

1
CHANGELOG.md

@ -8,6 +8,7 @@ Yii Framework 2 bootstrap extension Change Log
- Bug #5984: `yii\bootstrap\Activefield::checkbox()` caused browser to link label to the wrong input (cebe) - Bug #5984: `yii\bootstrap\Activefield::checkbox()` caused browser to link label to the wrong input (cebe)
- Bug #7894: Fixed incorrect URL config processing at `yii\bootstrap\Nav::items` if route element is not a first one (nkovacs, klimov-paul) - Bug #7894: Fixed incorrect URL config processing at `yii\bootstrap\Nav::items` if route element is not a first one (nkovacs, klimov-paul)
- Bug #8231: Configuration of Alert, ButtonDropdown, Modal widget where not preserved when used multiple times (cebe, idMolotov) - Bug #8231: Configuration of Alert, ButtonDropdown, Modal widget where not preserved when used multiple times (cebe, idMolotov)
- Bug (CVE-2015-3397): Using `Json::htmlEncode()` for safer JSON data encoding in HTML code (samdark, Tomasz Tokarski)
- Enh #29: Added support to list-groups for Collapse class (pana1990, skullcrasher) - Enh #29: Added support to list-groups for Collapse class (pana1990, skullcrasher)
- Enh #2546: Added `visible` option to `yii\bootstrap\ButtonGroup::$buttons` (samdark, lukBarros) - Enh #2546: Added `visible` option to `yii\bootstrap\ButtonGroup::$buttons` (samdark, lukBarros)
- Enh #7633: Added `ActionColumn::$buttonOptions` for defining HTML options to be added to the default buttons (cebe) - Enh #7633: Added `ActionColumn::$buttonOptions` for defining HTML options to be added to the default buttons (cebe)
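
Review bot: The added `Bug (CVE-2015-3397)` entry does not name the component that changed, unlike the neighbouring entries, which point at a class or member such as `yii\bootstrap\Nav::items`. Someone reading the changelog to decide whether to upgrade cannot tell from this line that the change is in how `yii\bootstrap\Widget` encodes `clientOptions` for the registered script. Suggest naming the class and property in the entry, and stating briefly what kind of output was being encoded unsafely.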

2
Widget.php

@ -66,7 +66,7 @@ class Widget extends \yii\base\Widget
$id = $this->options['id']; $id = $this->options['id'];
if ($this->clientOptions !== false) { if ($this->clientOptions !== false) {
$options = empty($this->clientOptions) ? '' : Json::encode($this->clientOptions); $options = empty($this->clientOptions) ? '' : Json::htmlEncode($this->clientOptions);
$js = "jQuery('#$id').$name($options);"; $js = "jQuery('#$id').$name($options);";
$view->registerJs($js); $view->registerJs($js);
} }
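
Review bot: Only `$options` is switched to `Json::htmlEncode()`, while `$id` and `$name` are still interpolated unencoded in `$js = "jQuery('#$id').$name($options);";`. `$id` is read from `$this->options['id']` and lands inside a single-quoted JavaScript string, so a quote or a `</script>` sequence in that value would have the same effect this commit is closing for the options payload. Suggest either encoding the selector as well (for example building `'#' . $id` and passing it through `Json::htmlEncode()` instead of hand-quoting it) or documenting next to this code that `options['id']` must never carry untrusted input. The commit touches only CHANGELOG.md and Widget.php, so a regression test asserting that a `clientOptions` value containing `</script>` is escaped in the registered JS would also be worth adding.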
