Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/attachment/edit.html.tmpl10
-rw-r--r--template/en/default/global/textarea.html.tmpl3
2 files changed, 13 insertions, 0 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index fbe3a9c79..95ad4d335 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -197,6 +197,16 @@
[% END %]
</a>
</p>
+ [% ELSIF attachment.contenttype == "text/html" %]
+ [%# For security reasons (clickjacking, embedded scripts), we never
+ # render HTML pages from here. The source code is displayed instead. %]
+ [% INCLUDE global/textarea.html.tmpl
+ id = 'viewFrame'
+ minrows = 10
+ cols = 80
+ defaultcontent = attachment.data
+ readonly = 'readonly'
+ %]
[% ELSE %]
<iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
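Review bot: The added `ELSIF attachment.contenttype == "text/html"` test is an exact string comparison, so an attachment whose stored type is not literally that string still falls through to the `<iframe>` in the `ELSE` branch and is rendered by the browser. If the stored type can differ in case or carry parameters such as a charset suffix (not visible here), a normalized prefix test like `[% ELSIF attachment.contenttype.lower.match('^text/html') %]` would be safer. Other script-capable types such as `application/xhtml+xml` or `image/svg+xml` would also need the source-only view if the installation accepts them. Please also confirm that `global/textarea.html.tmpl` emits `defaultcontent` through `FILTER html`, because that line is outside this diff and unescaped `attachment.data` would be written directly into the page. The enclosing `IF` chain starts outside the hunk.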
diff --git a/template/en/default/global/textarea.html.tmpl b/template/en/default/global/textarea.html.tmpl
index c158615bd..ac7ab04ec 100644
--- a/template/en/default/global/textarea.html.tmpl
+++ b/template/en/default/global/textarea.html.tmpl
@@ -21,6 +21,8 @@
# style: (optional) The "style"-attribute of the textarea.
# classes: (optional) The "class"-attribute of the textarea.
# wrap: (deprecated; optional) The "wrap"-attribute of the textarea.
+ # disabled: (optional) Disable the textarea.
+ # readonly: (optional) Prevent the textarea from being edited.
# minrows: (required) Number of rows the textarea shall have initially
# and when not having focus.
# maxrows: (optional) Number of rows the textarea shall have if
@@ -42,6 +44,7 @@
[% IF classes %] class="[% classes FILTER html %]"[% END %]
[% IF wrap %] wrap="[% wrap FILTER html %]"[% END %]
[% IF disabled %] disabled="disabled"[% END %]
+ [% IF readonly %] readonly="readonly"[% END %]
[% IF defaultrows && user.settings.zoom_textareas.value == 'off' %]
rows="[% defaultrows FILTER html %]"
[% ELSE %]