Dialog: Extract setting the title into a _title method, use .text() to prevent XSS...

diff --git a/ui/jquery.ui.dialog.js b/ui/jquery.ui.dialog.js
index 5eb3e2aca824de2b34d05026265789afda431c41..808d31d5b2b7c319a034af2440013ac676d7fd2f 100644 (file)
--- a/ui/jquery.ui.dialog.js
+++ b/ui/jquery.ui.dialog.js
@@ -352,14 +352,21 @@ $.widget("ui.dialog", {
                uiDialogTitle = $( "<span>" )
                        .uniqueId()
                        .addClass( "ui-dialog-title" )
-                       .html( this.options.title || "&#160;" )
                        .prependTo( this.uiDialogTitlebar );
+               this._title( uiDialogTitle );
 
                this.uiDialog.attr({
                        "aria-labelledby": uiDialogTitle.attr( "id" )
                });
        },
 
+       _title: function( title ) {
+               if ( !this.options.title ) {
+                       title.html( "&#160;" );
+               }
+               title.text( this.options.title );
+       },
+
        _createButtonPane: function() {
                var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) )
                        .addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" );
@@ -600,9 +607,7 @@ $.widget("ui.dialog", {
                }
 
                if ( key === "title" ) {
-                       // convert whatever was passed in to a string, for html() to not throw up
-                       $( ".ui-dialog-title", this.uiDialogTitlebar )
-                               .html( "" + ( value || "&#160;" ) );
+                       this._title( this.uiDialogTitlebar.find( ".ui-dialog-title" ) );
                }
        },