author | Leif Åstrand <leif@vaadin.com> | 2012-06-29 11:49:30 +0300 |
committer | Leif Åstrand <leif@vaadin.com> | 2012-06-29 11:49:30 +0300 |
commit | fefbf1d45537c042207ec2795db4a7213ff73a8b (patch) | |
tree | f3e09fe73831832b7332dd5eb3a50b6a2256fd89 /src | |
parent | 6cb8da571a80104793e7dccde06b2cb2601a4678 (diff) | |
Change Notification default to not allow HTML (#9066)
Diffstat (limited to 'src')
-rw-r--r-- | src/com/vaadin/ui/Notification.java | 22 | ||||
-rw-r--r-- | src/com/vaadin/ui/Root.java | 17 |
2 files changed, 21 insertions, 18 deletions
diff --git a/src/com/vaadin/ui/Notification.java b/src/com/vaadin/ui/Notification.java
index 0358283cb4..502e5ff788 100644
--- a/src/com/vaadin/ui/Notification.java
+++ b/src/com/vaadin/ui/Notification.java
@@ -76,8 +76,7 @@ public class Notification implements Serializable {
     /**
      * Creates a "humanized" notification message.
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption is by
-     * default rendered as html.
+     * The caption is rendered as plain text with HTML automatically escaped.
      * 
      * @param caption
      *            The message to show
@@ -89,8 +88,7 @@ public class Notification implements Serializable {
     /**
      * Creates a notification message of the specified type.
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption is by
-     * default rendered as html.
+     * The caption is rendered as plain text with HTML automatically escaped.
      * 
      * @param caption
      *            The message to show
@@ -105,8 +103,8 @@ public class Notification implements Serializable {
      * Creates a "humanized" notification message with a bigger caption and
      * smaller description.
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption and
-     * description are by default rendered as html.
+     * The caption and description are rendered as plain text with HTML
+     * automatically escaped.
      * 
      * @param caption
      *            The message caption
@@ -121,8 +119,8 @@ public class Notification implements Serializable {
      * Creates a notification message of the specified type, with a bigger
      * caption and smaller description.
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption and
-     * description are by default rendered as html.
+     * The caption and description are rendered as plain text with HTML
+     * automatically escaped.
      * 
      * @param caption
      *            The message caption
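Review bot: The replacement Javadoc in the hunk at -76 (and likewise at -89, -105 and -121, and the show() hunks at -335 and -354 on the next line) states plain-text rendering as unconditional, but the hunk at -132 shows the rendering is governed by a constructor flag that `setHtmlContentAllowed(true)` can switch back on, after which nothing is escaped. A reader of the constructor docs alone would not learn that escaping is conditional or that they own it once HTML is enabled. Suggest `The caption is rendered as plain text with HTML automatically escaped, unless {@link #setHtmlContentAllowed(boolean)} is enabled, in which case the caller must escape any untrusted input.` in each of these places. The constructors and show() methods these comments document begin and end outside the hunks.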
@@ -132,7 +130,7 @@ public class Notification implements Serializable {
      *            The type of message
      */
     public Notification(String caption, String description, int type) {
-        this(caption, description, type, true);
+        this(caption, description, type, false);
     }
 
     /**
@@ -335,8 +333,7 @@ public class Notification implements Serializable {
      * Shows a notification message on the middle of the current page. The
      * message automatically disappears ("humanized message").
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption is
-     * rendered as html.
+     * The caption is rendered as plain text with HTML automatically escaped.
      * 
      * @see #Notification(String)
      * @see #show(Page)
@@ -354,8 +351,7 @@ public class Notification implements Serializable {
      * defined in {@link Notification}, for instance
      * Notification.TYPE_WARNING_MESSAGE.
      * 
-     * Care should be taken to to avoid XSS vulnerabilities as the caption is
-     * rendered as html.
+     * The caption is rendered as plain text with HTML automatically escaped.
      * 
      * @see #Notification(String, int)
      * @see #show(Page)
diff --git a/src/com/vaadin/ui/Root.java b/src/com/vaadin/ui/Root.java
index 7ae687be79..2ca2da05ac 100644
--- a/src/com/vaadin/ui/Root.java
+++ b/src/com/vaadin/ui/Root.java
@@ -1075,7 +1075,9 @@ public abstract class Root extends AbstractComponentContainer implements
      */
     @Deprecated
     public void showNotification(String caption) {
-        getPage().showNotification(new Notification(caption));
+        Notification notification = new Notification(caption);
+        notification.setHtmlContentAllowed(true);// Backwards compatibility
+        getPage().showNotification(notification);
     }
 
     /**
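Review bot: The deprecated showNotification(String) in the hunk at -1075 (and the overloads at -1098, -1121 and -1147 on the next line) re-enables HTML interpretation for compatibility, but the Root.java diffstat shows only these code lines changing, so the method's Javadoc, which begins above the hunk, still does not say that the caption is interpreted as HTML while the Notification constructors now escape it. Code migrated between the two APIs therefore changes escaping behavior silently in either direction, which is exactly the situation the commit is trying to close. Suggest adding to each of the four deprecated methods' Javadoc: `Unlike the {@link Notification} constructors, the caption is still interpreted as HTML; escape any untrusted input or use {@link Notification} with HTML content disabled.` The trailing `// Backwards compatibility` would also read better with a space before the `//`.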
@@ -1098,7 +1100,9 @@ public abstract class Root extends AbstractComponentContainer implements
      */
     @Deprecated
     public void showNotification(String caption, int type) {
-        getPage().showNotification(new Notification(caption, type));
+        Notification notification = new Notification(caption, type);
+        notification.setHtmlContentAllowed(true);// Backwards compatibility
+        getPage().showNotification(notification);
     }
 
     /**
@@ -1121,7 +1125,9 @@ public abstract class Root extends AbstractComponentContainer implements
      */
     @Deprecated
     public void showNotification(String caption, String description) {
-        getPage().showNotification(new Notification(caption, description));
+        Notification notification = new Notification(caption, description);
+        notification.setHtmlContentAllowed(true);// Backwards compatibility
+        getPage().showNotification(notification);
     }
 
     /**
@@ -1147,8 +1153,9 @@ public abstract class Root extends AbstractComponentContainer implements
      */
     @Deprecated
     public void showNotification(String caption, String description, int type) {
-        getPage()
-                .showNotification(new Notification(caption, description, type));
+        Notification notification = new Notification(caption, description, type);
+        notification.setHtmlContentAllowed(true);// Backwards compatibility
+        getPage().showNotification(notification);
     }
 
     /**
|
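Review bot: The three added lines in the hunk at -1098 are repeated verbatim in the overloads at -1121 and -1147 here and at -1075 on the previous line, differing only in the constructor call, so the compatibility flag is now set in four places that must stay in sync. A private helper would keep it in one: `private void showLegacyNotification(Notification n) { n.setHtmlContentAllowed(true); getPage().showNotification(n); }`, with each overload reduced to a single call such as `showLegacyNotification(new Notification(caption, type));`. This is a style point; the behavior of the four hunks is the same either way.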