authorScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
committerScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
commitf2854408cce7e4b7fc6bf8676761904af9c96bde (patch)
treeff4b9d3cc46b42745eea842052fb415c700fca71 /tests/unit
parent5fee6fd5000072ff32f2d65b6451f39af9e0e39e (diff)
downloadjquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.tar.gz
jquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.zip
Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.
Diffstat (limited to 'tests/unit')
-rw-r--r--tests/unit/tooltip/tooltip_options.js14
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/unit/tooltip/tooltip_options.js b/tests/unit/tooltip/tooltip_options.js
index f9da27fb7..01ac25040 100644
--- a/tests/unit/tooltip/tooltip_options.js
+++ b/tests/unit/tooltip/tooltip_options.js
@@ -16,6 +16,20 @@ test( "content: default", function() {
deepEqual( $( "#" + element.data( "ui-tooltip-id" ) ).text(), "anchortitle" );
});
+test( "content: default; HTML escaping", function() {
+ expect( 2 );
+ var scriptText = "<script>$.ui.tooltip.hacked = true;</script>",
+ element = $( "#tooltipped1" );
+
+ $.ui.tooltip.hacked = false;
+ element.attr( "title", scriptText )
+ .tooltip()
+ .tooltip( "open" );
+ equal( $.ui.tooltip.hacked, false, "script did not execute" );
+ deepEqual( $( "#" + element.data( "ui-tooltip-id" ) ).text(), scriptText,
+ "correct tooltip text" );
+});
+
test( "content: return string", function() {
expect( 1 );
var element = $( "#tooltipped1" ).tooltip({