
Don't concatenate tainted strings in JS. Fixes #1976.

1 parent 28cd0ad commit 92c264033a23cd9e7473a60948760baefd488407 @bharat bharat committed Jan 30, 2013
Showing with 5 additions and 1 deletion.
  1. +5 −1 modules/gallery/js/l10n_client.js
@@ -140,7 +140,11 @@ jQuery.extend(Gallery, {
} else {
if(search.length > 0) {
$('#l10n-client-string-select li').hide();
- $('#l10n-client-string-select li:contains('+search+')').show();
+ $('#l10n-client-string-select li').each(function() {
+ if ($(this).val().indexOf(search) != -1) {
+ $(this).show();
+ }
+ });
$('#l10n-client #g-l10n-search').val(search);
}
}
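Review bot: The added `.each()` callback tests `$(this).val()` on `li` elements, but `.val()` reads a form-control value rather than the item's text, which is what the removed `:contains()` selector matched on; as written the filter will likely match nothing, or throw if `.val()` returns a non-string for an `li`. Comparing against the text keeps the search term out of the selector string and restores the old matching: `if ($(this).text().indexOf(search) !== -1) {`. The `!==` is a style point, since `indexOf` always returns a number. The enclosing function starts and ends outside the hunk, so how the `li` items are populated is not visible here.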
