From f2854408cce7e4b7fc6bf8676761904af9c96bde Mon Sep 17 00:00:00 2001 From: Scott González Date: Tue, 27 Nov 2012 11:21:33 -0500 Subject: Tooltip: Escape the title attribute so that it's treated as text and not HTML. Fixes #8861 - Tooltip: XSS vulnerability in default content. --- tests/unit/tooltip/tooltip_options.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'tests/unit') diff --git a/tests/unit/tooltip/tooltip_options.js b/tests/unit/tooltip/tooltip_options.js index f9da27fb7..01ac25040 100644 --- a/tests/unit/tooltip/tooltip_options.js +++ b/tests/unit/tooltip/tooltip_options.js @@ -16,6 +16,20 @@ test( "content: default", function() { deepEqual( $( "#" + element.data( "ui-tooltip-id" ) ).text(), "anchortitle" ); }); +test( "content: default; HTML escaping", function() { + expect( 2 ); + var scriptText = "", + element = $( "#tooltipped1" ); + + $.ui.tooltip.hacked = false; + element.attr( "title", scriptText ) + .tooltip() + .tooltip( "open" ); + equal( $.ui.tooltip.hacked, false, "script did not execute" ); + deepEqual( $( "#" + element.data( "ui-tooltip-id" ) ).text(), scriptText, + "correct tooltip text" ); +}); + test( "content: return string", function() { expect( 1 ); var element = $( "#tooltipped1" ).tooltip({ -- cgit v1.2.3