[pmwiki-users] Form Input missing 4 types !!!!
JB
jbit at ev1.net
Mon Aug 28 11:17:51 CDT 2006
> > No, because PmWiki doesn't provide any way for an author to
> > add an "onClick" attribute to those button types.
I think I just found a security risk. I just tested this on
a just now newly installed, non-farm, non-customized pmwiki.
http://wiki.bybent.com/testwiki/pmwiki.php?n=Main.HomePage
To see javascript execute click anywhere on the table.
Table directives allow almost any attributes (I think).
I was able to get the onlclick() event to work when
set in a PMWiki page source (below).
------------------------------------------------------------------------
(:table border=1 cellpadding=5 cellspacing=0 name=monkeybutt
onclick='alert("hello");' :)
(:cell:) a1
(:cell:) b1
(:cell:) c1
(:cell:) d1
(:cellnr:) a2
(:cell:) b2
(:cell:) c2
(:cell:) d2
(:tableend:)
More information about the pmwiki-users
mailing list