Author: kkolinko
Date: Thu Mar 22 23:38:27 2012
New Revision: 1304136

URL: http://svn.apache.org/viewvc?rev=1304136&view=rev
Log:
Merged revision 1304135 from tomcat/trunk:
In "echo" websocket example: Treat the text typed by user and echoed by server as plain text instead of HTML, effectively safe-guarding it.
Just noting that "chat" example is different and safe-guards at the server side. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/examples/websocket/echo.html Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1304135 Modified: tomcat/tc7.0.x/trunk/webapps/examples/websocket/echo.html URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/websocket/echo.html?rev=1304136&r1=1304135&r2=1304136&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/examples/websocket/echo.html (original) +++ tomcat/tc7.0.x/trunk/webapps/examples/websocket/echo.html Thu Mar 22 23:38:27 2012 @@ -111,7 +111,7 @@ var console = document.getElementById('console'); var p = document.createElement('p'); p.style.wordWrap = 'break-word'; - p.innerHTML = message; + p.appendChild(document.createTextNode(message)); console.appendChild(p); while (console.childNodes.length > 25) { console.removeChild(console.firstChild); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
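Review bot: The `+` line in the echo.html hunk (`p.appendChild(document.createTextNode(message));`) carries no comment saying why a text node is used, so a later cleanup could swap it back to `p.innerHTML = message` and reintroduce HTML interpretation of echoed input. A one-line comment above it, stating that `message` may contain user-typed text echoed by the server and must be rendered as plain text, would make the intent durable. Since the log notes that the "chat" example relies on server-side safeguarding only, it may be worth applying the same text-node rendering there as a second layer. As a style point in the same hunk, `var console = document.getElementById('console');` shadows the browser's global `console` object inside this function; a name such as `consoleDiv` would avoid confusion when someone adds debug logging here.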