aboutsummaryrefslogtreecommitdiffstats
path: root/demos/autocomplete
diff options
context:
space:
mode:
authorScott González <scott.gonzalez@gmail.com>2016-09-22 07:53:22 -0400
committerScott González <scott.gonzalez@gmail.com>2016-09-22 07:53:22 -0400
commit69e66ea6556584c39621c184f8f790a1011408ce (patch)
tree679259a159284264da6eca933a9f2ece68d00f6a /demos/autocomplete
parentc571d2f234f304defcef9ffe48bf816d99dce820 (diff)
downloadjquery-ui-69e66ea6556584c39621c184f8f790a1011408ce.tar.gz
jquery-ui-69e66ea6556584c39621c184f8f790a1011408ce.zip
Autocomplete: Escape HTML tags in callback name to avoid XSS in demo
Fixes #15048
Diffstat (limited to 'demos/autocomplete')
-rw-r--r--demos/autocomplete/search.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/demos/autocomplete/search.php b/demos/autocomplete/search.php
index 489b30c1e..6ab404ccb 100644
--- a/demos/autocomplete/search.php
+++ b/demos/autocomplete/search.php
@@ -586,7 +586,10 @@ foreach ($items as $key=>$value) {
$output = json_encode($result);
if ($_GET["callback"]) {
- $output = $_GET["callback"] . "($output);";
+ // Escape special characters to avoid XSS attacks via direct loads of this
+ // page with a callback that contains HTML. This is a lot easier than validating
+ // the callback name.
+ $output = htmlspecialchars($_GET["callback"]) . "($output);";
}
echo $output;