library-mirrors/jquery-ui
1
0
Fork 0
mirror of https://github.com/jquery/jquery-ui.git synced 2024-11-21 11:04:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Dialog: Extract setting the title into a _title method, use .text() to prevent XSS. Fixes #6016 - Dialog: Title XSS Vulnerability.

Browse Source
This commit is contained in:
Jörn Zaefferer 2012-11-26 10:14:36 +01:00
parent 60486ac632
commit 7e9060c109
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ui/jquery.ui.dialog.js vendored
View File

@ -352,14 +352,21 @@ $.widget("ui.dialog", {
uiDialogTitle = $( "<span>" ) uiDialogTitle = $( "<span>" )
.uniqueId() .uniqueId()
.addClass( "ui-dialog-title" ) .addClass( "ui-dialog-title" )
.html( this.options.title || "&#160;" )
.prependTo( this.uiDialogTitlebar ); .prependTo( this.uiDialogTitlebar );
this._title( uiDialogTitle );
this.uiDialog.attr({ this.uiDialog.attr({
"aria-labelledby": uiDialogTitle.attr( "id" ) "aria-labelledby": uiDialogTitle.attr( "id" )
}); });
}, },
_title: function( title ) {
if ( !this.options.title ) {
title.html( "&#160;" );
}
title.text( this.options.title );
},
_createButtonPane: function() { _createButtonPane: function() {
var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) ) var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) )
.addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" ); .addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" );
@ -600,9 +607,7 @@ $.widget("ui.dialog", {
} }
if ( key === "title" ) { if ( key === "title" ) {
// convert whatever was passed in to a string, for html() to not throw up this._title( this.uiDialogTitlebar.find( ".ui-dialog-title" ) );
$( ".ui-dialog-title", this.uiDialogTitlebar )
.html( "" + ( value || "&#160;" ) );
} }
}, },