select2: always escape .text attributes to prevent XSS via...
ergo -
r2196:2338f289 stable
@@ -223,7 +223,7 b' var formatSelect2SelectionRefs = functio'
223 223 } else if (commit_ref.type === 'book'){
224 224 tmpl = tmpl.concat('<i class="icon-bookmark"></i> ');
225 225 }
226 return tmpl.concat(commit_ref.text);
226 return tmpl.concat(escapeHtml(commit_ref.text));
227 227 };
228 228
229 229 // takes a given html element and scrolls it down offset pixels
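Review bot: The new `return tmpl.concat(escapeHtml(commit_ref.text));` carries no comment saying why the escape is there, so a later cleanup could drop it again without anyone noticing. Ref names come from repository data and select2 appends a formatter's return value as markup, so I would put `// ref names are repository-controlled and select2 renders this string as HTML` directly above the return. `escapeHtml` is not defined in the visible lines; confirm it is loaded before this file and that it returns a string rather than throwing when `.text` is missing. The function starts above the hunk, so the earlier `tmpl` branches are not covered here. The `formatResult` and `formatSelection` callbacks passed in the `select2RefBaseSwitcher` hunks are also defined outside the visible lines, so they need the same check.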
@@ -35,7 +35,6 b' var select2RefBaseSwitcher = function(ta'
35 35 $(targetElement).select2({
36 36 cachedDataSource: {},
37 37 dropdownAutoWidth: true,
38 formatResult: formatResult,
39 38 width: "resolve",
40 39 containerCssClass: "drop-menu",
41 40 dropdownCssClass: "drop-menu-dropdown",
@@ -59,11 +58,10 b' var select2RefBaseSwitcher = function(ta'
59 58 });
60 59 }
61 60 },
62
63 61 initSelection: function(element, callback) {
64 62 callback(initialData);
65 63 },
66
64 formatResult: formatResult,
67 65 formatSelection: formatSelection
68 66 });
69 67