[jboss-cvs] jboss-seam/examples/wiki/view/plugins/flash ...

Christian Bauer christian at hibernate.org
Wed Nov 14 05:55:25 EST 2007 

  User: cbauer  
  Date: 07/11/14 05:55:25

  Modified:    examples/wiki/view/plugins/flash  plugin.xhtml
  Log:
  Fixed flash plugin
  
  Revision  Changes    Path
  1.4       +20 -18    jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: plugin.xhtml
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/wiki/view/plugins/flash/plugin.xhtml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -b -r1.3 -r1.4
  --- plugin.xhtml	12 Nov 2007 07:37:27 -0000	1.3
  +++ plugin.xhtml	14 Nov 2007 10:55:25 -0000	1.4
  @@ -20,25 +20,27 @@
           </div>
       </s:div>
   
  -    (The flash plugin is currently disabled as it opens up XSS injection attack vectors. To be replaced
  -    with a future version that parses the flash URL and/or only allows certain sites, see:
  -    http://drupal.org/project/embedfilter)
  -
  -    <s:fragment rendered="#{false}">
  -        <s:div rendered="#{!empty flashPreferences.properties['flashURL']}">
  -            <object width="#{flashPreferences.properties['objectWidth']}"
  -                    height="#{flashPreferences.properties['objectHeight']}">
  -                <param name="movie" value="#{flashPreferences.properties['flashURL']}"></param>
  +    <s:div rendered="#{not empty flashPreferences.flashURL and flash.URLAllowed}">
  +        <object width="#{flashPreferencesobjectWidth}"
  +                height="#{flashPreferences.objectHeight}">
  +            <param name="movie" value="#{flashPreferences.flashURL}"></param>
                   <param name="wmode" value="transparent"></param>
  -                <embed src="#{flashPreferences.properties['flashURL']}"
  +            <embed src="#{flashPreferences.flashURL}"
                          type="application/x-shockwave-flash"
                          wmode="transparent"
  -                       width="#{flashPreferences.properties['objectWidth']}"
  -                       height="#{flashPreferences.properties['objectHeight']}">
  +                   width="#{flashPreferences.objectWidth}"
  +                   height="#{flashPreferences.objectHeight}">
                  </embed>
               </object>
           </s:div>
  -    </s:fragment>
  +
  +    <s:div rendered="#{empty flashPreferences.flashURL}" styleClass="flashURLNotSupplied">
  +        <h:outputText value="#{messages['flash.msg.URLNotSupplied']}"/>
  +    </s:div>
  +
  +    <s:div rendered="#{not empty flashPreferences.flashURL and not flash.URLAllowed}" styleClass="flashURLNotAllowed">
  +        <h:outputText value="#{messages['flash.msg.URLNotAllowed']}"/>
  +    </s:div>
   
   </s:div>

More information about the jboss-cvs-commits mailing list