Commit 2e43c46f authored by Chenu Denis

[feature] XSS compatibility

parent 1371d861
......@@ -6,7 +6,7 @@ This add a new advanced setting in all question where user can just put javascri
- **Compatibility** : Need [LS-SondagesPro](https://github.com/SondagesPro/LimeSurvey-SondagesPro) release 1.1.0 and up or with [LimeSurvey](https://www.limesurvey.org/) 2.50_plus_160731 and up.
- With LimeSurvey 2.63 version : you must use 1.0.2
- **filterxsshtml** : [filterxsshtml](https://manual.limesurvey.org/Optional_settings#Security) is not taken in account when loading attribute.
- **filterxsshtml** : [filterxsshtml](https://manual.limesurvey.org/Optional_settings#Security) if it's activated, admin user see it like a readonly attribute (since 2.1.0)
## Installation
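Review bot: The new filterxsshtml line in the README says "admin user see it like a readonly attribute", but the condition added in the plugin class also includes `!Permission::model()->hasGlobalPermission('superadmin', 'read')`, so users with the superadmin permission keep an editable field. Suggest stating that explicitly, for example: "if it's activated, the attribute is readonly for every user without superadmin permission (since 2.1.0)".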
......@@ -25,6 +25,7 @@ This add a new advanced setting in all question where user can just put javascri
- Licence : GNU Affero General Public License <https://www.gnu.org/licenses/agpl-3.0.html>
## Changelog
- 2018-03-09 [2.1.0] Usage of XSS security
- 2018-03-08 [2.0.0] LimeSurvey 3.X version (tested on 3.4.4)
- 2017-06-27 [1.0.2] Fix {SGQ} replacement
- 2017-02-20 [1.0.0] Some fix, and compatibility
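Review bot: The 2.1.0 changelog entry "Usage of XSS security" does not tell someone upgrading what actually changes. Suggest naming the behaviour the way the README line added in this commit does, for example that the attribute is shown readonly when filterxsshtml is activated.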
......
......@@ -6,7 +6,7 @@
* @author Denis Chenu <denis@sondages.pro>
* @copyright 2016-2018 Denis Chenu <http://www.sondages.pro>
* @license AGPL v3
* @version 2.0.0
* @version 2.1.0
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
......@@ -109,6 +109,7 @@ class addScriptToQuestion extends PluginBase
CClientScript::POS_READY=>"the script is inserted in the jQuery's ready function (POS_READY).",
),
'default'=>$this->get('scriptPositionDefault',null,null,$this->settings['scriptPositionDefault']['default']),
'readonly'=>Yii::app()->getConfig('filterxsshtml') && !Permission::model()->hasGlobalPermission('superadmin', 'read'),
'help'=>gT('Set the position of the script, see http://www.yiiframework.com/doc/api/1.1/CClientScript#registerScript-detail .'),
'caption'=>gT('Position for the script'),
);
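Review bot: The `'readonly'` key added to the position setting is a property of the attribute definition, and nothing in the visible lines rejects a submitted value when `filterxsshtml` is on and the user lacks superadmin permission. Suggest enforcing the same condition wherever the attribute value is saved, and confirming that the attribute holding the script itself carries the same flag, since this hunk only shows it on 'Position for the script'. Moving the condition into one helper method would keep the definition and any save-time check from drifting apart.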
......