From f5c735f49ae6a3bac15a39f7367f518d87907219 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Sun, 15 Apr 2012 12:40:53 -0400 Subject: Remove string-valued style attribute, which may allow injection attacks --- lib/ur/basis.urs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ur') diff --git a/lib/ur/basis.urs b/lib/ur/basis.urs index 60a95db6..2869adce 100644 --- a/lib/ur/basis.urs +++ b/lib/ur/basis.urs @@ -743,7 +743,7 @@ con scrollEvents = [Onscroll = transaction unit] con boxEvents = focusEvents ++ mouseEvents ++ keyEvents ++ resizeEvents ++ scrollEvents con tableEvents = focusEvents ++ mouseEvents ++ keyEvents -con boxAttrs = [Id = id, Title = string, Style = string] ++ boxEvents +con boxAttrs = [Id = id, Title = string] ++ boxEvents con tableAttrs = [Id = id, Title = string] ++ tableEvents val span : bodyTag boxAttrs -- cgit v1.2.3