##// END OF EJS Templates
bleach: moved clean out of the catch context, so we no longer allow sanitizer to be bypassed....
bleach: moved clean out of the catch context, so we no longer allow sanitizer to be bypassed. - in addition we bumped bleach to fix the error that allowed bypass

File last commit:

r2559:949420ae default
r2992:63458594 default
Show More
checkbox.pt
26 lines | 961 B | text/plain | TextLexer
<span tal:define="name name|field.name;
true_val true_val|field.widget.true_val;
css_class css_class|field.widget.css_class;
style style|field.widget.style;
oid oid|field.oid;
help_block help_block|field.widget.help_block|'';
"
tal:omit-tag="">
<div class="checkbox">
<input type="checkbox" name="${name}" value="${true_val}"
readonly="readonly" disabled="disabled"
id="${oid}"
tal:attributes="checked cstruct == true_val;
class css_class;
style style;"
/>
<p tal:condition="help_block" class="help-block">${help_block}</p>
<label for="${field.oid}">
<span tal:condition="hasattr(field, 'schema') and hasattr(field.schema, 'label')"
tal:replace="field.schema.label" class="checkbox-label" >
</span>
</label>
</div>
</span>