authorScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
committerScott González <scott.gonzalez@gmail.com>2012-11-27 11:21:33 -0500
commitf2854408cce7e4b7fc6bf8676761904af9c96bde (patch)
treeff4b9d3cc46b42745eea842052fb415c700fca71 /ui/jquery.ui.tooltip.js
parent5fee6fd5000072ff32f2d65b6451f39af9e0e39e (diff)
downloadjquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.tar.gz
jquery-ui-f2854408cce7e4b7fc6bf8676761904af9c96bde.zip
Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content.
Diffstat (limited to 'ui/jquery.ui.tooltip.js')
-rw-r--r--ui/jquery.ui.tooltip.js4
1 files changed, 3 insertions, 1 deletions
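diff --git a/ui/jquery.ui.tooltip.js b/ui/jquery.ui.tooltip.js
index 2ccd61f46..ab8d5173c 100644
--- a/ui/jquery.ui.tooltip.js
+++ b/ui/jquery.ui.tooltip.js
@@ -46,7 +46,9 @@ $.widget( "ui.tooltip", {
 version: "@VERSION",
 options: {
 content: function() {
-return $( this ).attr( "title" );
+var title = $( this ).attr( "title" );
+// Escape title, since we're going from an attribute to raw HTML
+return $( "<a>" ).text( title ).html();
 },
 hide: true,
 // Disabled elements have inconsistent behavior across browsers (#8661)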
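Review bot: `$( this ).attr( "title" )` on the first added line yields `undefined` when the element has no title attribute, and the old code returned that `undefined` straight to the caller; the new code instead passes it to `.text( title )`, where, depending on the jQuery version, it may act as a getter (returning a string on which `.html()` then throws) or be rejected outright, so the default content function can now fail on untitled elements. Normalizing to a string keeps the escape path uniform: `var title = $( this ).attr( "title" ) || "";`. It would also help future readers to note above the return that the `<a>` element is only a throwaway scratch node used to HTML-encode the text, never inserted into the document. The enclosing `$.widget( "ui.tooltip", { ... })` definition begins before this hunk and continues after it.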