Permalink
Browse files

add css-escape to avoid jquery based xss

  • Loading branch information...
t-ashula committed Dec 15, 2013
1 parent ffb2d5d commit 7fea82094723ecfb4e9b3ea6819137b99d7dfa9c
Showing with 3 additions and 3 deletions.
  1. +3 −3 src/navtree.js
View
@@ -276,7 +276,7 @@ function highlightAnchor()
var anchor = $(aname);
if (anchor.parent().attr('class')=='memItemLeft'){
var rows = $('.memberdecls tr[class$="'+
window.location.hash.substring(1)+'"]');
window.location.hash.substring(1).replace(/</g,'\\3c ')+'"]');
glowEffect(rows.children(),300); // member without details
} else if (anchor.parents().slice(2).prop('tagName')=='TR') {
glowEffect(anchor.parents('div.memitem'),1000); // enum value
@@ -295,7 +295,7 @@ function selectAndHighlight(hash,n)
var a;
if (hash) {
var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1);
a=$('.item a[class$="'+link+'"]');
a=$('.item a[class$="'+link.replace(/</g,'\\3c ')+'"]');
}
if (a && a.length) {
a.parent().parent().addClass('selected');
@@ -496,7 +496,7 @@ function initNavTree(toroot,relpath)
if ($(location).attr('hash')){
var clslink=stripPath($(location).attr('pathname'))+':'+
$(location).attr('hash').substring(1);
a=$('.item a[class$="'+clslink+'"]');
a=$('.item a[class$="'+clslink.replace(/</g,'\\3c ')+'"]');
}
if (a==null || !$(a).parent().parent().hasClass('selected')){
$('.item').removeClass('selected');

0 comments on commit 7fea820

Please sign in to comment.