Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

XSS patch on the form panel

  • Loading branch information...
commit a46981c21d85ba78d65baf5cf6b3f48fb8e569db 1 parent cfe54ac
@kyolee310 kyolee310 authored
Showing with 6 additions and 6 deletions.
  1. +6 −6 koala/templates/panels/form_field_row.pt
View
12 koala/templates/panels/form_field_row.pt
@@ -3,7 +3,7 @@
<div class="row ${inline} controls-wrapper" id="controls_${field.name}">
<div tal:condition="not:reverse" tal:omit-tag="">
<div class="small-${leftcol_width} columns" tal:condition="leftcol_width">
- <label class="right">
+ <label class="right" ng-non-bindable="">
${field.label.text}&nbsp;<span tal:condition="field.flags.required" class="req">*</span>
</label>
</div>
@@ -11,9 +11,9 @@
${structure:field(**html_attrs)}
<span tal:condition="getattr(field, 'help_text', None)" class="helptext-icon"
data-tooltip="" title="${field.help_text}">?</span>
- <small class="error" tal:condition="error_msg">${error_msg}</small>
+ <small class="error" tal:condition="error_msg" ng-non-bindable="">${error_msg}</small>
<div tal:condition="field.errors" class="server-validation">
- <span class="error" tal:repeat="error field.errors">${error}</span>
+ <span class="error" tal:repeat="error field.errors" ng-non-bindable="">${error}</span>
</div>
</div>
</div>
@@ -22,14 +22,14 @@
${structure:field(**html_attrs)}
</div>
<div class="columns small-${rightcol_width}">
- <label for="${field.name}" class="reverse">
+ <label for="${field.name}" class="reverse" ng-non-bindable="">
${field.label.text}&nbsp;<span tal:condition="field.flags.required" class="req">*</span>
</label>
<span tal:condition="getattr(field, 'help_text', None)"
class="helptext-icon" data-tooltip="" title="${field.help_text}">?</span>
- <small class="error" tal:condition="error_msg">${error_msg}</small>
+ <small class="error" tal:condition="error_msg" ng-non-bindable="">${error_msg}</small>
<div tal:condition="field.errors" class="server-validation">
- <span class="error" tal:repeat="error field.errors">${error}</span>
+ <span class="error" tal:repeat="error field.errors" ng-non-bindable="">${error}</span>
</div>
</div>
</div>
Please sign in to comment.
Something went wrong with that request. Please try again.