Commit
Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.
5fee6fd
Doesn't this just hide the underlying tooltip vulnerability? If so, tooltip would have to use `.text()` instead of `.html()`, and make it sane to override that.
hmm...yeah, tooltip should handle this in the default `content` option. Good catch, I'll fix that.
Fixed in f285440.
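
The point raised in the comments above, sketched as an added example (not jQuery UI's code and not part of this commit): a widget whose default content handling treats the title as text, with an explicit opt-in for callers that need markup. `escapeHtml`, `TrustedHtml`, `renderTooltip`, the message text and the sample search term are hypothetical and constructed for illustration.

```javascript
// Added illustration; not jQuery UI source. All names here are hypothetical.

// Escape the characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Marker type: the only way to hand the widget markup is to opt in explicitly.
class TrustedHtml {
  constructor(html) { this.html = html; }
}

// Minimal stand-in for a tooltip widget with a `content` option.
// Default: the element's title is treated as text (the ".text()" behaviour).
function renderTooltip(element, options = {}) {
  const content = options.content || ((el) => el.title);
  const result = content(element);
  // Plain strings are always escaped; only TrustedHtml passes through as markup.
  const body = result instanceof TrustedHtml ? result.html : escapeHtml(result);
  return '<div class="tooltip">' + body + "</div>";
}

// Constructed sample: a search term containing markup, placed in a title.
const term = "<img src=x onerror=alert(1)>";
const input = { title: term + " didn't match any item" };

// The caller encoded nothing; the safe default still neutralises the markup.
const safeByDefault = renderTooltip(input);

// Override for callers that build markup themselves: they must encode the
// untrusted part before wrapping it, which is the call-site fix in this commit.
const richOverride = renderTooltip(input, {
  content: () =>
    new TrustedHtml("<strong>" + escapeHtml(term) + "</strong> didn't match any item"),
});

console.log(safeByDefault);
console.log(richOverride);
```

With the safe default in the widget, a caller that forgets to encode still renders inert text, and encoding at the call site is only needed by callers that opt in to markup.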