mirror of
https://github.com/jquery/jquery-ui.git
synced 2024-12-07 06:14:24 +00:00
8cc5bae1ca
If you generate a Checkboxradio from a checkbox/radio with a label that contains encoded HTML, e.g. `<em>test</em>` this will work fine at first. If, however a refresh is triggered on that instance (explicitly or e.g. by turning it into a `Controlgroup`), the previously escaped HTML will now be evaluated. If the label was created based on some user input, this could lead to unexpected code execution even though the initial output was escaped. Fixes gh-2101 Closes gh-2102
89 lines
3.7 KiB
HTML
89 lines
3.7 KiB
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>jQuery UI Checkboxradio Test Suite</title>
|
|
|
|
<script src="../../../external/requirejs/require.js"></script>
|
|
<script src="../../lib/css.js" data-modules="core button checkboxradio"></script>
|
|
<script src="../../lib/bootstrap.js" data-widget="button"></script>
|
|
</head>
|
|
<body>
|
|
|
|
<div id="qunit"></div>
|
|
<div id="qunit-fixture">
|
|
|
|
<div id="radio0">
|
|
<input type="radio" id="radio01" name="radio" checked="checked"><label for="radio01">Choice 1</label>
|
|
<input type="radio" id="radio02" name="radio"><label for="radio02">Choice 2</label>
|
|
<input type="radio" id="radio03" name="radio"><label for="radio03">Choice 3</label>
|
|
</div>
|
|
<form id="form1">
|
|
<div id="radio1">
|
|
<input type="radio" id="radio11" name="radio"><label for="radio11">Choice 1</label>
|
|
<input type="radio" id="radio12" name="radio"><label for="radio12">Choice 2</label>
|
|
<input type="radio" id="radio13" name="radio" checked="checked"><label for="radio13">Choice 3</label>
|
|
</div>
|
|
</form>
|
|
<form id="form2">
|
|
<div id="radio2">
|
|
<input type="radio" id="radio21" name="radio"><label for="radio21">Choice 1</label>
|
|
<input type="radio" id="radio22" name="radio"><label for="radio22">Choice 2</label>
|
|
<input type="radio" id="radio23" name="radio" checked="checked"><label for="radio23">Choice 3</label>
|
|
</div>
|
|
</form>
|
|
<form>
|
|
<div id="radio3">
|
|
<input type="radio" id="radio31" name="data['Page']['parse']"><label for="radio31">Choice 1</label>
|
|
<input type="radio" id="radio32" name="data['Page']['parse']" checked="checked"><label for="radio32">Choice 2</label>
|
|
<input type="radio" id="radio33" name="data['Page']['parse']"><label for="radio33">Choice 3</label>
|
|
</div>
|
|
</form>
|
|
|
|
<input type="checkbox" id="check"><label for="check">Toggle</label>
|
|
<input type="checkbox" id="check2"><label for="check2">Checkbox</label>
|
|
<label for="checkbox-method-refresh" id="checkbox-method-refresh-label">checkbox refresh</label>
|
|
<input type="checkbox" id="checkbox-method-refresh"/>
|
|
<label for="checkbox-method-destroy" class="bar" id="checkbox-method-destroy-label">checkbox refresh</label>
|
|
<input type="checkbox" class="foo" id="checkbox-method-destroy"/>
|
|
<label for="checkbox-method-disable">checkbox refresh</label>
|
|
<input type="checkbox" class="foo" id="checkbox-method-disable"/>
|
|
|
|
<label for="radio-method-refresh" id="radio-method-refresh-label">radio refresh</label>
|
|
<input type="radio" id="radio-method-refresh"/>
|
|
<label for="radio-method-destroy" class="bar" id="radio-method-destroy-label">radio refresh</label>
|
|
<input type="radio" class="foo" id="radio-method-destroy"/>
|
|
<label for="radio-method-disable">radio refresh</label>
|
|
<input type="radio" class="foo" id="radio-method-disable"/>
|
|
|
|
<label for="checkbox-option-disabled">checkbox disabled</label>
|
|
<input type="checkbox" class="foo" id="checkbox-option-disabled"/>
|
|
<label for="checkbox-option-icon">checkbox icon</label>
|
|
<input type="checkbox" class="foo" id="checkbox-option-icon"/>
|
|
<label for="checkbox-option-label">checkbox label<input type="checkbox" class="foo" id="checkbox-option-label"/></label>
|
|
<label>
|
|
<input type="checkbox" id="label-with-no-for"/>
|
|
</label>
|
|
<label>
|
|
<input type="checkbox" id="label-with-no-for-with-html"/>
|
|
<strong>Hi</strong>, <em>I'm a label</em>
|
|
</label>
|
|
<label>
|
|
<input type="checkbox" id="label-with-no-for-with-text"/>
|
|
Hi, I'm a label
|
|
</label>
|
|
<label>
|
|
<input type="checkbox" id="label-with-no-for-with-html-like-text"/>
|
|
<em>Hi, I'm a label</em>
|
|
</label>
|
|
|
|
<form id="form3"></form>
|
|
<input type="radio" name="crazy-form" id="crazy-form-1" form="form3" checked="checked">
|
|
<label for="crazy-form-1">Choice 1</label>
|
|
<input type="radio" name="crazy-form" id="crazy-form-2" form="form3">
|
|
<label for="crazy-form-2">Choice 2</label>
|
|
|
|
</div>
|
|
</body>
|
|
</html>
|