I've noticed that the new FormItem.setShowClippedValueOnHover(), which defaults to true, will run script when the hover prompt is shown.
Entering any value that extends past the clipping area of the field and adding something like this:
will show the full field value and run the onerror script when the hover appears.
Is this intended behavior?
I'm using Chrome and SmartClient Version: v9.0p_2013-07-10/LGPL Development Only (built 2013-07-10)
Entering any value that extends past the clipping area of the field and adding something like this:
Code:
<img src="." onerror="alert('abc')">
Is this intended behavior?
I'm using Chrome and SmartClient Version: v9.0p_2013-07-10/LGPL Development Only (built 2013-07-10)
Comment