From 74f713457a1d50b39a564cb0a647b2d937473e24 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Tue, 10 Jan 2012 00:53:33 +0100 Subject: Bug 716283: Clickjacking in the attachment "Details" page allows to bypass token checks r=dkl a=LpSolit --- template/en/default/global/textarea.html.tmpl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'template/en/default/global/textarea.html.tmpl') diff --git a/template/en/default/global/textarea.html.tmpl b/template/en/default/global/textarea.html.tmpl index c158615bd..ac7ab04ec 100644 --- a/template/en/default/global/textarea.html.tmpl +++ b/template/en/default/global/textarea.html.tmpl @@ -21,6 +21,8 @@ # style: (optional) The "style"-attribute of the textarea. # classes: (optional) The "class"-attribute of the textarea. # wrap: (deprecated; optional) The "wrap"-attribute of the textarea. + # disabled: (optional) Disable the textarea. + # readonly: (optional) Prevent the textarea from being edited. # minrows: (required) Number of rows the textarea shall have initially # and when not having focus. # maxrows: (optional) Number of rows the textarea shall have if @@ -42,6 +44,7 @@ [% IF classes %] class="[% classes FILTER html %]"[% END %] [% IF wrap %] wrap="[% wrap FILTER html %]"[% END %] [% IF disabled %] disabled="disabled"[% END %] + [% IF readonly %] readonly="readonly"[% END %] [% IF defaultrows && user.settings.zoom_textareas.value == 'off' %] rows="[% defaultrows FILTER html %]" [% ELSE %] -- cgit v1.2.3-24-g4f1b