You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@royale.apache.org by hu...@apache.org on 2022/01/30 13:42:32 UTC

[royale-asjs] branch develop updated: Reverted innerHTML for security concerns but keep the new functionality

This is an automated email from the ASF dual-hosted git repository.

hugoferreira pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/royale-asjs.git


The following commit(s) were added to refs/heads/develop by this push:
     new 34f5785  Reverted innerHTML for security concerns but keep the new functionality
34f5785 is described below

commit 34f5785ae1f50bf4f35437b72d97cd686983dba6
Author: Hugo Ferreira <hf...@solidsoft.pt>
AuthorDate: Sun Jan 30 13:43:05 2022 +0000

    Reverted innerHTML for security concerns but keep the new functionality
---
 .../Basic/src/main/royale/org/apache/royale/html/CheckBox.as      | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/frameworks/projects/Basic/src/main/royale/org/apache/royale/html/CheckBox.as b/frameworks/projects/Basic/src/main/royale/org/apache/royale/html/CheckBox.as
index 0bdd673..dbe7a70 100644
--- a/frameworks/projects/Basic/src/main/royale/org/apache/royale/html/CheckBox.as
+++ b/frameworks/projects/Basic/src/main/royale/org/apache/royale/html/CheckBox.as
@@ -159,7 +159,9 @@ package org.apache.royale.html
 			_icon = new CheckBoxIcon();
             element.appendChild(_icon.element);
 
-            element.appendChild(document.createElement('span'));
+            var span:Element = document.createElement('span');
+            span.appendChild(document.createTextNode(''));
+            element.appendChild(span);
             //positioner.style.position = 'relative';
 			_icon.element.royale_wrapper = this;
 
@@ -170,12 +172,12 @@ package org.apache.royale.html
 
         public function get text():String
         {
-            return _label.childNodes.item(1).innerHTML;
+            return _label.childNodes.item(1).childNodes.item(0).nodeValue;
         }
 
         public function set text(value:String):void
         {
-            _label.childNodes.item(1).innerHTML = value;
+            _label.childNodes.item(1).childNodes.item(0).nodeValue = value;
         }
 
         /**