This repository was archived by the owner on Oct 8, 2021. It is now read-only.

Commit 8cf6b38

author
Gabriel Schulhof
committed
Checkboxradio: Make sure IDs passed into selectors are properly escaped
1 parent dcbe28b commit 8cf6b38


1 file changed

+9
-6
lines changed


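--- a/js/widgets/forms/checkboxradio.js
+++ b/js/widgets/forms/checkboxradio.js
@@ -10,12 +10,15 @@
 //>>css.theme: ../css/themes/default/jquery.mobile.theme.css
 
 define( [ "jquery",
+"../../navigation/path",
 "../../jquery.mobile.core",
 "../../jquery.mobile.widget",
 "./reset" ], function( jQuery ) {
 //>>excludeEnd("jqmBuildExclude");
 (function( $, undefined ) {
 
+var escapeId = $.mobile.path.hashToSelector;
+
 $.widget( "mobile.checkboxradio", $.extend( {
 
 initSelector: "input:not( :jqmData(role='flipswitch' ) )[type='checkbox'],input[type='radio']:not( :jqmData(role='flipswitch' ))",
@@ -42,7 +45,7 @@ $.widget( "mobile.checkboxradio", $.extend( {
 input
 .closest( "form, fieldset, :jqmData(role='page'), :jqmData(role='dialog')" )
 .find( "label" )
-.filter( "[for='" + $.mobile.path.hashToSelector( input[0].id ) + "']" )
+.filter( "[for='" + escapeId( input[0].id ) + "']" )
 .first(),
 inputtype = input[0].type,
 checkedClass = "ui-" + inputtype + "-on",
@@ -186,9 +189,8 @@ $.widget( "mobile.checkboxradio", $.extend( {
 // this radio button. In the case of a checkbox or a radio lacking a name
 // attribute, it returns this.element.
 _getInputSet: function() {
-var formParent, inputSelector, thisPage, thisPageSelector,
+var formParent, inputSelector, thisPage, thisPageSelector, formId,
 thisElement = this.element,
-formId = thisElement.attr( "form" ),
 outsideForm = false,
 returnValue = thisElement,
 name = thisElement[ 0 ].name;
@@ -198,17 +200,18 @@ $.widget( "mobile.checkboxradio", $.extend( {
 if ( !( this.inputtype === "checkbox" || !name ) ) {
 
 inputSelector = "input[type='radio'][name='" + name + "']";
-
 thisPageSelector = ":jqmData(role='page'), " +
 ":jqmData(role='dialog')" +
 ( $.mobile.page ? ", :mobile-page" : "" ) +
 ", body";
 thisPage = thisElement.closest( thisPageSelector );
+formId = thisElement.attr( "form" );
 
+// Establish formParent
 if ( formId ) {
 
 // This element has a form attribute. Let's find the form.
-formParent = thisPage.find( "#" + formId );
+formParent = thisPage.find( "#" + escapeId( formId ) );
 } else {
 
 // Are we inside a form?
@@ -225,7 +228,7 @@ $.widget( "mobile.checkboxradio", $.extend( {
 // form
 if ( formId ) {
 returnValue = thisPage
-.find( inputSelector + "[form='" + formId + "']" )
+.find( inputSelector + "[form='" + escapeId( formId ) + "']" )
 .add( returnValue );
 }
 } else {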
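Review bot: In `_getInputSet`, `name` (read from `thisElement[ 0 ].name`) is still concatenated unescaped into `inputSelector`, while the commit escapes only the id-derived values around it. A radio `name` containing a quote or another selector metacharacter would produce a malformed selector, or one that matches a different set of inputs than intended, which is the same problem this commit fixes for `formId`. Consider `inputSelector = "input[type='radio'][name='" + escapeId( name ) + "']";`, after confirming that `hashToSelector`'s escaping is appropriate inside a quoted attribute value. `_getInputSet` continues past the last visible hunk, so any further uses of `name` or `formId` in selectors outside this view should be checked as well.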
