authorJörn Zaefferer <joern.zaefferer@gmail.com>2012-11-26 10:14:36 +0100
committerJörn Zaefferer <joern.zaefferer@gmail.com>2012-11-26 10:28:25 +0100
commit7e9060c109b928769a664dbcc2c17bd21231b6f3 (patch)
tree60c772fb5729c4cb8971994d7f81f1db4c0e3561
parent60486ac632a0a1bbbb0c7449fe17bccfae11af80 (diff)
downloadjquery-ui-7e9060c109b928769a664dbcc2c17bd21231b6f3.tar.gz
jquery-ui-7e9060c109b928769a664dbcc2c17bd21231b6f3.zip
Dialog: Extract setting the title into a _title method, use .text() to prevent XSS. Fixes #6016 - Dialog: Title XSS Vulnerability.
-rw-r--r--ui/jquery.ui.dialog.js13
1 files changed, 9 insertions, 4 deletions
diff --git a/ui/jquery.ui.dialog.js b/ui/jquery.ui.dialog.js
index 5eb3e2aca..808d31d5b 100644
--- a/ui/jquery.ui.dialog.js
+++ b/ui/jquery.ui.dialog.js
@@ -352,14 +352,21 @@ $.widget("ui.dialog", {
uiDialogTitle = $( "<span>" )
.uniqueId()
.addClass( "ui-dialog-title" )
- .html( this.options.title || "&#160;" )
.prependTo( this.uiDialogTitlebar );
+ this._title( uiDialogTitle );
this.uiDialog.attr({
"aria-labelledby": uiDialogTitle.attr( "id" )
});
},
+ _title: function( title ) {
+ if ( !this.options.title ) {
+ title.html( "&#160;" );
+ }
+ title.text( this.options.title );
+ },
+
_createButtonPane: function() {
var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) )
.addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" );
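Review bot: The new `_title` method writes the `&#160;` placeholder and then still falls through to `title.text( this.options.title )`, so an empty-string title now clears the element where the replaced `this.options.title || "&#160;"` kept the non-breaking space; an undefined title only keeps the placeholder because `.text( undefined )` acts as a getter in jQuery, which is implicit and easy to break. Make the branch explicit: `if ( !this.options.title ) { title.html( "&#160;" ); return; }` followed by `title.text( this.options.title );`. The same placeholder-then-overwrite path is reached from the `_setOption` call in the second hunk, which is cut off at the end of this page. That call also makes `_title` read `this.options.title` instead of the `value` the removed code used, so it presumably relies on the option already being stored before `_title` runs — worth confirming against the surrounding `_setOption` body. The method that creates `uiDialogTitle` at the top of this hunk begins above it.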
@@ -600,9 +607,7 @@ $.widget("ui.dialog", {
}
if ( key === "title" ) {
- // convert whatever was passed in to a string, for html() to not throw up
- $( ".ui-dialog-title", this.uiDialogTitlebar )
- .html( "" + ( value || "&#160;" ) );
+ this._title( this.uiDialogTitlebar.find( ".ui-dialog-title" ) );
}
},