[jboss-cvs] jboss-seam/examples/wiki/view/plugins/flash ...
Christian Bauer
christian at hibernate.org
Wed Nov 14 05:55:25 EST 2007
User: cbauer
Date: 07/11/14 05:55:25
Modified: examples/wiki/view/plugins/flash plugin.xhtml
Log:
Fixed flash plugin
Revision Changes Path
1.4 +20 -18 jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: plugin.xhtml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- plugin.xhtml 12 Nov 2007 07:37:27 -0000 1.3
+++ plugin.xhtml 14 Nov 2007 10:55:25 -0000 1.4
@@ -20,25 +20,27 @@
</div>
</s:div>
- (The flash plugin is currently disabled as it opens up XSS injection attack vectors. To be replaced
- with a future version that parses the flash URL and/or only allows certain sites, see:
- http://drupal.org/project/embedfilter)
-
- <s:fragment rendered="#{false}">
- <s:div rendered="#{!empty flashPreferences.properties['flashURL']}">
- <object width="#{flashPreferences.properties['objectWidth']}"
- height="#{flashPreferences.properties['objectHeight']}">
- <param name="movie" value="#{flashPreferences.properties['flashURL']}"></param>
+ <s:div rendered="#{not empty flashPreferences.flashURL and flash.URLAllowed}">
+ <object width="#{flashPreferencesobjectWidth}"
+ height="#{flashPreferences.objectHeight}">
+ <param name="movie" value="#{flashPreferences.flashURL}"></param>
<param name="wmode" value="transparent"></param>
- <embed src="#{flashPreferences.properties['flashURL']}"
+ <embed src="#{flashPreferences.flashURL}"
type="application/x-shockwave-flash"
wmode="transparent"
- width="#{flashPreferences.properties['objectWidth']}"
- height="#{flashPreferences.properties['objectHeight']}">
+ width="#{flashPreferences.objectWidth}"
+ height="#{flashPreferences.objectHeight}">
</embed>
</object>
</s:div>
- </s:fragment>
+
+ <s:div rendered="#{empty flashPreferences.flashURL}" styleClass="flashURLNotSupplied">
+ <h:outputText value="#{messages['flash.msg.URLNotSupplied']}"/>
+ </s:div>
+
+ <s:div rendered="#{not empty flashPreferences.flashURL and not flash.URLAllowed}" styleClass="flashURLNotAllowed">
+ <h:outputText value="#{messages['flash.msg.URLNotAllowed']}"/>
+ </s:div>
</s:div>
More information about the jboss-cvs-commits
mailing list