Issue #2567673 by joelpittet: Escaped markup with $.text() injected into a tag will cause XSS

8.0.x
Alex Pott 2015-09-13 14:14:53 +01:00
parent df7ced5544
commit dc2be10a4e
1 changed files with 1 additions and 1 deletions


@ -291,7 +291,7 @@
*/
Drupal.viewsUi.AddItemForm.prototype.handleCheck = function (event) {
var $target = $(event.target);
var label = $.trim($target.next().text());
var label = $.trim($target.next().html());
// Add/remove the checked item to the list.
if ($target.is(':checked')) {
this.$selected_div.show().css('display', 'block');
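Review bot: The `.html()` read of the label should carry a comment saying why it is not `.text()`, because the choice looks like a mistake and a later cleanup that reverts it would reopen the issue named in the commit title (this assumes the `.html()` line is the new side; the page has lost its `+`/`-` markers). Something like `// Keep the label as serialized markup: .text() decodes entities and the label is later inserted as HTML.` above the assignment would do. The place where `label` is written back into the page is outside this hunk, as is the rest of handleCheck, so the "inserted as HTML" part is inferred from the title and should be confirmed there. If that sink can be changed, keeping `.text()` here and inserting the value with `.text()` at the sink would be sturdier, since it would not depend on the neighbouring element's markup already being safe.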