diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2012-01-11 07:11:04 +0100 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-01-11 07:11:04 +0100 |
commit | 4a58678de6f0cd1e25b2b3d2f3dd42e0f973f324 (patch) | |
tree | 030d3faa56c7d92f3a4d13917f9f7685ce3f1788 /template/en/default/attachment | |
parent | e23fa261d61319ece1ccfe87a64cf860b02f0eaa (diff) | |
parent | 320b36d4a9aa69e0fa806cd25c84c42d5a36966e (diff) | |
download | bugzilla-4a58678de6f0cd1e25b2b3d2f3dd42e0f973f324.tar.gz bugzilla-4a58678de6f0cd1e25b2b3d2f3dd42e0f973f324.tar.xz |
merged with bugzilla/4.2
Diffstat (limited to 'template/en/default/attachment')
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index fbe3a9c79..95ad4d335 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -197,6 +197,16 @@ [% END %] </a> </p> + [% ELSIF attachment.contenttype == "text/html" %] + [%# For security reasons (clickjacking, embedded scripts), we never + # render HTML pages from here. The source code is displayed instead. %] + [% INCLUDE global/textarea.html.tmpl + id = 'viewFrame' + minrows = 10 + cols = 80 + defaultcontent = attachment.data + readonly = 'readonly' + %] [% ELSE %] <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]"> <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. |