Browse files

Adds escapeHTML to SC.MenuPane

  • Loading branch information...
1 parent 07abb34 commit 1eb463b3aaabeac8d078cad435297ce695e8c914 @nicolasbadia nicolasbadia committed with dcporter Oct 30, 2013
Showing with 12 additions and 2 deletions.
  1. +12 −2 frameworks/desktop/panes/menu.js
View
14 frameworks/desktop/panes/menu.js
@@ -229,6 +229,14 @@ SC.MenuPane = SC.PickerPane.extend(
isSubMenu: NO,
/**
+ If true, title of menu items will be escaped to avoid scripting attacks.
+
+ @type Boolean
+ @default YES
+ */
+ escapeHTML: YES,
+
+ /**
Whether the title of menu items should be localized before display.
@type Boolean
@@ -649,7 +657,7 @@ SC.MenuPane = SC.PickerPane.extend(
exampleViewKey, itemExampleView,
height, heightKey, separatorKey, defaultHeight, separatorHeight,
menuHeight, menuHeightPadding, keyEquivalentKey, keyEquivalent,
- keyArray, idx, layerIdKey, propertiesHash,
+ keyArray, idx, layerIdKey, propertiesHash, escapeHTML,
len;
if (!items) return views; // return an empty array
@@ -661,6 +669,7 @@ SC.MenuPane = SC.PickerPane.extend(
keyEquivalentKey = this.get('itemKeyEquivalentKey');
separatorHeight = this.get('itemSeparatorHeight');
layerIdKey = this.get('itemLayerIdKey');
+ escapeHTML = this.get('escapeHTML');
menuHeightPadding = Math.floor(this.get('menuHeightPadding') / 2);
menuHeight = menuHeightPadding;
@@ -689,7 +698,8 @@ SC.MenuPane = SC.PickerPane.extend(
layout: { height: height, top: menuHeight },
contentDisplayProperties: keyArray,
content: item,
- parentMenu: this
+ parentMenu: this,
+ escapeHTML: escapeHTML
};
if (item.get(layerIdKey)) {

0 comments on commit 1eb463b

Please sign in to comment.