aboutsummaryrefslogtreecommitdiffstats
path: root/demos/autocomplete
diff options
context:
space:
mode:
authorScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
committerScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
commitf2854408cce7e4b7fc6bf8676761904af9c96bde (patch)
treeff4b9d3cc46b42745eea842052fb415c700fca71 /demos/autocomplete
parent5fee6fd5000072ff32f2d65b6451f39af9e0e39e (diff)
downloadjquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.tar.gz
jquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.zip
Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.
Diffstat (limited to 'demos/autocomplete')
-rw-r--r--demos/autocomplete/combobox.html2
1 files changed, 1 insertions, 1 deletions
diff --git a/demos/autocomplete/combobox.html b/demos/autocomplete/combobox.html
index 8c6f59fc1..6229d47b2 100644
--- a/demos/autocomplete/combobox.html
+++ b/demos/autocomplete/combobox.html
@@ -61,7 +61,7 @@
// remove invalid value, as it didn't match anything
$( element )
.val( "" )
- .attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )
+ .attr( "title", value + " didn't match any item" )
.tooltip( "open" );
select.val( "" );
setTimeout(function() {