$OpenBSD: patch-framework_forms_Form_php,v 1.1 2013/10/01 18:58:21 jasper Exp $

commit a338e608b8798d1d00d63114d0981bb8c9989160
Author: Ingo Schommer <ingo@silverstripe.com>
Date:   Tue Sep 24 13:58:32 2013 +0200
Subject: API Escape form validation messages (SS-2013-008)

--- framework/forms/Form.php.orig	Wed Feb 20 02:02:44 2013
+++ framework/forms/Form.php	Tue Oct  1 20:52:26 2013
@@ -144,6 +144,10 @@ class Form extends RequestHandler {
 	 */
 	protected $attributes = array();
 
+	private static $casting = array(
+		'Message' => 'Text'
+	);
+
 	/**
 	 * Create a new form, with the given fields an action buttons.
 	 * 
@@ -439,7 +443,7 @@ class Form extends RequestHandler {
 	}
 
 	/**
-	 * Add an error message to a field on this form.  It will be saved into the session
+	 * Add a plain text error message to a field on this form.  It will be saved into the session
 	 * and used the next time this form is displayed.
 	 */
 	public function addErrorMessage($fieldName, $message, $messageType) {
