jquery-ui/ui
Michał Gołębiowski-Owczarek 8cc5bae1ca
Checkboxradio: Don't re-evaluate text labels as HTML
If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `&lt;em&gt;test&lt;/em&gt;`, this will work fine
at first. If, however, a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.

If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.

Fixes gh-2101
Closes gh-2102
2022-07-14 20:52:02 +02:00
effects Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
i18n Datepicker: Capitalize some Indonesian words 2022-07-14 19:53:59 +02:00
vendor/jquery-color Build: Update jQuery Simulate, jQuery Migrate & jQuery Color 2020-05-16 08:26:48 +02:00
widgets Checkboxradio: Don't re-evaluate text labels as HTML 2022-07-14 20:52:02 +02:00
.eslintrc.json Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
core.js Docs: Update removal comments to mention 1.14, not 1.13 2021-08-26 13:36:06 +02:00
data.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
disable-selection.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
effect.js Effect: Define the jQuery variable before jQuery Color gets imported 2021-09-03 14:42:30 +02:00
focusable.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
form-reset-mixin.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
form.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
ie.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
jquery-patch.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
jquery-var-for-color.js Effect: Define the jQuery variable before jQuery Color gets imported 2021-09-03 14:42:30 +02:00
keycode.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
labels.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
plugin.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
position.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
safe-active-element.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
safe-blur.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
scroll-parent.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
tabbable.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
unique-id.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
version.js Build: Migrate from JSHint & JSCS to ESLint 2021-06-07 00:58:12 +02:00
widget.js Widget: Optimize attachment of the _untrackClassesElement listener 2022-01-15 01:26:23 +01:00