diff --git a/src/main/java/org/olat/admin/sysinfo/InfoMsgForm.java b/src/main/java/org/olat/admin/sysinfo/InfoMsgForm.java index a03eb6adf946ae09595cdcccb65cdd7f832fad4f..926f4810357602a2d0c39edbe621d283a5f673ab 100644 --- a/src/main/java/org/olat/admin/sysinfo/InfoMsgForm.java +++ b/src/main/java/org/olat/admin/sysinfo/InfoMsgForm.java @@ -21,15 +21,20 @@ * OpenOLAT - Online Learning and Training</a><br> * This file has been modified by the OpenOLAT community. Changes are licensed * under the Apache 2.0 license as the original file. +* <p> +* Initial code contributed and copyrighted by<br> +* 2012 by frentix GmbH, http://www.frentix.com +* <p> */ package org.olat.admin.sysinfo; import org.olat.core.gui.UserRequest; import org.olat.core.gui.components.form.flexible.FormItemContainer; -import org.olat.core.gui.components.form.flexible.elements.TextElement; +import org.olat.core.gui.components.form.flexible.elements.RichTextElement; import org.olat.core.gui.components.form.flexible.impl.FormBasicController; import org.olat.core.gui.components.form.flexible.impl.FormLayoutContainer; +import org.olat.core.gui.components.form.flexible.impl.elements.richText.RichTextConfiguration; import org.olat.core.gui.control.Controller; import org.olat.core.gui.control.Event; import org.olat.core.gui.control.WindowControl; @@ -38,10 +43,12 @@ import org.olat.core.gui.control.WindowControl; * Initial Date: Apr 30, 2004 * * @author Mike Stock + * @author Sergio Trentini + * @author Florian Gnägi */ public class InfoMsgForm extends FormBasicController { - private TextElement msg; + private RichTextElement msg; private String infomsg; /** @@ -49,7 +56,7 @@ public class InfoMsgForm extends FormBasicController { * @param infomsg */ public InfoMsgForm(UserRequest ureq, WindowControl wControl, String infomsg) { - super(ureq, wControl); + super(ureq, wControl, LAYOUT_VERTICAL); this.infomsg = infomsg; initForm(ureq); } 
@@ -58,7 +65,8 @@ public class InfoMsgForm extends FormBasicController { * @return the info message */ public String getInfoMsg() { - return msg.getValue(); + // use raw value to circumvent XSS filtering of script tags + return msg.getRawValue(); } public void reset() { @@ -78,9 +86,17 @@ public class InfoMsgForm extends FormBasicController { @Override protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) { - msg = uifactory.addRichTextElementForStringDataMinimalistic("msg", "infomsg", infomsg, 20, 60, false, formLayout, ureq.getUserSession(), getWindowControl()); + msg = uifactory.addRichTextElementForStringData("msg", "infomsg", infomsg, 20, 70, false, true, null, null, formLayout, ureq.getUserSession(), getWindowControl()); msg.setMaxLength(1024); + RichTextConfiguration richTextConfig = msg.getEditorConfiguration(); + // manually enable the source edit button + richTextConfig.setQuotedConfigValue(RichTextConfiguration.THEME_ADVANCED_BUTTONS3_ADD, RichTextConfiguration.SEPARATOR_BUTTON + "," + RichTextConfiguration.CODE_BUTTON); + //allow script tags... + richTextConfig.setQuotedConfigValue(RichTextConfiguration.INVALID_ELEMENTS, RichTextConfiguration.INVALID_ELEMENTS_FORM_FULL_VALUE_UNSAVE_WITH_SCRIPT); + richTextConfig.setQuotedConfigValue(RichTextConfiguration.EXTENDED_VALID_ELEMENTS, "script[src,type,defer]"); + + FormLayoutContainer buttonGroupLayout = FormLayoutContainer.createButtonLayout("buttonGroupLayout", getTranslator()); formLayout.add(buttonGroupLayout); uifactory.addFormSubmitButton("submit", "submit", buttonGroupLayout); diff --git a/src/main/java/org/olat/admin/sysinfo/_content/infomsg.html b/src/main/java/org/olat/admin/sysinfo/_content/infomsg.html index d18b98a6a1553690522438b3857b6365866c2c40..b4651b1d1849181964c948ec7f7ecd36f17e3ec3 100644 --- a/src/main/java/org/olat/admin/sysinfo/_content/infomsg.html +++ b/src/main/java/org/olat/admin/sysinfo/_content/infomsg.html 
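Review bot: `getInfoMsg()` now returns `msg.getRawValue()`, and going by the added comment this skips the XSS filter for the whole value, so all markup reaches the caller unfiltered, not only `<script>`. Nothing in this diff shows who may open the form or how the stored message is later rendered. The change is therefore only safe if the form is reachable by system administrators alone and every place that displays the message treats it as trusted HTML. I would state that contract on the method by replacing the inline comment with Javadoc such as `@return the unfiltered message HTML (may contain script); admin-authored content only, must not carry user-supplied input`. The editor settings in the `initForm` hunk that follows rest on the same assumption.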
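Review bot: The `INVALID_ELEMENTS` and `EXTENDED_VALID_ELEMENTS` values set in `initForm` configure the editor in the browser, and because `getInfoMsg()` reads the raw value, the `script[src,type,defer]` allow-list is not a server-side restriction on what gets stored. The only constraint visible in this hunk is `msg.setMaxLength(1024)`, and whether that is checked against the raw value is not shown here. If the intent is to permit only script includes with those three attributes, the submitted markup needs to be checked in the form's server-side validation, which is outside this hunk. If any admin-authored markup is acceptable, the `//allow script tags...` comment should say so, for example `// info message is trusted system-admin input; script tags are allowed on purpose and are not filtered server-side`.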
@@ -1,4 +1,7 @@ -<i>Message Admin-Token: $!admintoken</i><br/> +<p> + <i>Message Admin-Token: $!admintoken</i> +</p> + <fieldset> <legend>$r.translate("infomsg.title")</legend> #if ($infomsg) @@ -28,7 +31,6 @@ $r.render("infomsgEdit") $r.render("infomsgClear") </fieldset> #end -<hr class="o_separator"> <fieldset> <legend>$r.translate("maintenancemsg.title")</legend>