From 74f713457a1d50b39a564cb0a647b2d937473e24 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 10 Jan 2012 00:53:33 +0100
Subject: Bug 716283: Clickjacking in the attachment "Details" page allows to
 bypass token checks r=dkl a=LpSolit

---
 template/en/default/global/textarea.html.tmpl | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'template/en/default/global')

diff --git a/template/en/default/global/textarea.html.tmpl b/template/en/default/global/textarea.html.tmpl
index c158615bd..ac7ab04ec 100644
--- a/template/en/default/global/textarea.html.tmpl
+++ b/template/en/default/global/textarea.html.tmpl
@@ -21,6 +21,8 @@
   # style:          (optional) The "style"-attribute of the textarea.
   # classes:        (optional) The "class"-attribute of the textarea.
   # wrap:           (deprecated; optional) The "wrap"-attribute of the textarea.
+  # disabled:       (optional) Disable the textarea.
+  # readonly:       (optional) Prevent the textarea from being edited.
   # minrows:        (required) Number of rows the textarea shall have initially
   #                 and when not having focus.
   # maxrows:        (optional) Number of rows the textarea shall have if
@@ -42,6 +44,7 @@
           [% IF classes %] class="[% classes FILTER html %]"[% END %]
           [% IF wrap %] wrap="[% wrap FILTER html %]"[% END %]
           [% IF disabled %] disabled="disabled"[% END %]
+          [% IF readonly %] readonly="readonly"[% END %]
           [% IF defaultrows && user.settings.zoom_textareas.value == 'off' %]
             rows="[% defaultrows FILTER html %]"
           [% ELSE %]
-- 
cgit v1.2.3-24-g4f1b