Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 55 lines (43 sloc) 1.487 kB
924f324 @docelic * Small updates to existing pages
docelic authored
1 __NAME__ purpose
2 display raw, unencoded value, providing no option to change it
3 __END__
4
5 __NAME__ synopsis
6 __END__
7
8 __NAME__ description
9 The &widget-__FILENAME__; widget simply displays &glos-variable;s
10 from the &glos-value;s space and does not create any &glos-HTML;
11 form element that would allow changing them.
12 </para><para>
13 It is similar to &widget-value;, but more dangerous. It does not
14 perform any encoding on the value before display, allowing for
15 possible untrusted data (including both &glos-HTML; and &glos-ITL;!)
16 to be injected into the &glos-HTML; stream.
17 </para><para>
18 Use this widget with caution and always only on data you absolutely
19 trust.
20 __END__
21
22 __NAME__ notes
23 The variable value is not encoded before display; to
24 enabled recommended processing before display,
25 use widget &widget-value;.
26 __END__
27
28
29 __NAME__ online: Basic value initialization and display
30 <programlisting>
31 [value name=widget_testrealvalue set="Test Widget Value" hide=1]
32
33 [widget name=widget_testrealvalue type=realvalue]
34 </programlisting>
35 __END__
36
37 __NAME__ online: Basic value initialization and display, showing arbitrary HTML and ITL code insertion
38 <programlisting>
39 [set widget_testrealvalue_input]
40 Test &lt;i&gt;Widget&lt;i&gt; &lt;b&gt;Value&lt;/b&gt;. The time is: [time]
41 [/set]
42
43 [value name=widget_testrealvalue
44 set="[scratch widget_testrealvalue_input]"
45 hide=1]
46
47 [widget name=widget_testrealvalue type=realvalue]
48 </programlisting>
49 __END__
50
51 __NAME__ see also
52 text, textarea, value
53 __END__
54
Something went wrong with that request. Please try again.