Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.
scottgonzalez committed Nov 27, 2012
1 parent c4b7c75 commit 5fee6fd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion demos/autocomplete/combobox.html
@@ -61,7 +61,7 @@
// remove invalid value, as it didn't match anything
$( element )
.val( "" )
.attr( "title", value + " didn't match any item" )
.attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )
.tooltip( "open" );
select.val( "" );
setTimeout(function() {
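Review bot: encoding `value` at this call site (`.attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )`) leaves the real sink untouched: the tooltip widget's default content still reads the title attribute back and inserts it as HTML, so any other element whose title comes from untrusted input stays exploitable, and this demo is only safe because it pre-encodes. Two further costs of encoding here: the title attribute is plain text, so a native browser tooltip or assistive technology now reads `&lt;` and `&gt;` literally, and once the widget escapes on its own side this line will double-encode. Suggest escaping in the tooltip's default `content` (or inserting a text node there) and keeping the demo at `value + " didn't match any item"`.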

3 comments on commit 5fee6fd

@jzaefferer
Member

Doesn't this just hide the underlying tooltip vulnerability? If so, tooltip would have to use .text() instead of .html(), and make it sane to override that.

@scottgonzalez
Member Author

hmm...yeah, tooltip should handle this in the default content option. Good catch, I'll fix that.

@scottgonzalez
Member Author

Fixed in f285440.
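The point raised in the thread, that escaping the search term in the demo only hides the bug in the tooltip's default content, can be shown with plain strings. The block below is an added example written for this page, not code from the jquery-ui repository or from the commit: it models the demo's call site (with and without the commit's encoding) and the tooltip sink (treating the title as HTML, as the thread says the default content does, or as text, which is an assumption about what a fixed sink would do), and checks which combinations let markup through and which double-encode. `escapeHtmlText` assumes jQuery's `$("<a>").text(value).html()` serializes a text node, so only `&`, `<` and `>` are encoded; the payload is constructed.

```javascript
// Added example (not jquery-ui code). Pure string functions so it runs under
// Node without a DOM; "innerHTML" and "textContent" below name the DOM
// operation each return value would be handed to.

// Assumed equivalent of `$("<a>").text(value).html()` in the commit: the text
// node is serialized, so only `&`, `<` and `>` become entities. Quotes are
// left alone, which is fine for a text node but would not be for an attribute.
function escapeHtmlText(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Demo call site, before and after the commit. `value` is the user-typed
// search term; the result is what lands in the title attribute (plain text).
function setTitleRaw(value) {
  return value + " didn't match any item";
}
function setTitleEncoded(value) {
  return escapeHtmlText(value) + " didn't match any item";
}

// Tooltip sink, modelled two ways. The thread says the default `content`
// reads the title and uses .html(): that is tooltipSinkHtml, which would
// hand the string to innerHTML unchanged. tooltipSinkText is the assumed
// fixed sink: escape first (equivalent to assigning textContent).
function tooltipSinkHtml(title) {
  return title;                 // -> innerHTML, parsed as markup
}
function tooltipSinkText(title) {
  return escapeHtmlText(title); // -> innerHTML, but only ever text
}

// Constructed payload; any element tag exercises the check.
const PAYLOAD = "<img src=x onerror=alert(1)>";

// True when the string the sink emits still contains an element tag, i.e.
// the browser would parse attacker markup.
function looksLikeMarkup(html) {
  return /<\w+[^>]*>/.test(html);
}

// Runs the four call-site/sink combinations and reports, per combination,
// the string reaching innerHTML and whether it is injectable.
function evaluate(value) {
  const cases = {
    rawTitle_htmlSink: tooltipSinkHtml(setTitleRaw(value)),
    encodedTitle_htmlSink: tooltipSinkHtml(setTitleEncoded(value)),
    rawTitle_textSink: tooltipSinkText(setTitleRaw(value)),
    encodedTitle_textSink: tooltipSinkText(setTitleEncoded(value)),
  };
  const result = {};
  for (const [name, html] of Object.entries(cases)) {
    result[name] = { html, injectable: looksLikeMarkup(html) };
  }
  return result;
}

// Usage: evaluate(PAYLOAD) shows only rawTitle_htmlSink as injectable, and
// encodedTitle_textSink carrying "&amp;lt;" (double-encoded, shown literally).
```

`rawTitle_htmlSink` is the state before the commit and `encodedTitle_htmlSink` the state after it: the payload no longer parses, but only because this one caller encoded. `rawTitle_textSink` is the fix the thread asks for, escaping at the sink; `encodedTitle_textSink` is what happens if the demo keeps its encoding after the sink is fixed, a visible `&amp;lt;` rather than a vulnerability, which is why the call-site change should be dropped once the widget escapes.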
