defaultcontent = (attachment.contenttype.match('^text\/')) ?
attachment.data.replace('(.*\n|.+)', '>$1') : undef
%]
- <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
- <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
- <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
- </iframe>
+ [% IF attachment.contenttype == "text/html" %]
+ [%# For security reasons (clickjacking, embedded scripts), we never
+ # render HTML pages from here. The source code is displayed instead. %]
+ [% INCLUDE global/textarea.html.tmpl
+ id = 'viewFrame'
+ minrows = 10
+ cols = 80
+ defaultcontent = attachment.data
+ readonly = 'readonly'
+ %]
+ [% ELSE %]
+ <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
+ <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
+ <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
+ </iframe>
+ [% END %]
<script type="text/javascript">
<!--
var patchviewerinstalled = 0;
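Review bot: The new guard `attachment.contenttype == "text/html"` is an exact string comparison, so any attachment whose stored type differs even slightly still falls through to the `<iframe>` branch and is rendered inside the details page. That would presumably include other browser-rendered document types such as `application/xhtml+xml` or `image/svg+xml`, and possibly a differently cased value, if the stored type is not normalised. An allow-list of types considered safe to frame would be sturdier than naming the single unsafe one. At minimum the test could reuse the `match` form already used above, e.g. `[% IF attachment.contenttype.match('^(text/html|application/xhtml\+xml|image/svg\+xml)') %]`. Separately, the source view passes raw `attachment.data` as `defaultcontent`, and the line in global/textarea.html.tmpl that prints it is outside the hunks shown, so confirm it applies `FILTER html`; otherwise a `</textarea>` inside the attachment would end the element and the remaining markup would be rendered.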
# style: (optional) The "style"-attribute of the textarea.
# classes: (optional) The "class"-attribute of the textarea.
# wrap: (deprecated; optional) The "wrap"-attribute of the textarea.
+ # disabled: (optional) Disable the textarea.
+ # readonly: (optional) Prevent the textarea from being edited.
# minrows: (required) Number of rows the textarea shall have initially
# and when not having focus.
# maxrows: (optional) Number of rows the textarea shall have if
[% IF classes %] class="[% classes FILTER html %]"[% END %]
[% IF wrap %] wrap="[% wrap FILTER html %]"[% END %]
[% IF disabled %] disabled="disabled"[% END %]
+ [% IF readonly %] readonly="readonly"[% END %]
[% IF defaultrows && user.settings.zoom_textareas.value == 'off' %]
rows="[% defaultrows FILTER html %]"
[% ELSE %]