Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Autocomplete demo: Combobox: Encode search term inside tooltips. Fixe…
…s #8859 - Autocomplete: XSS in combobox demo.
- Loading branch information
5fee6fdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't this just hide the underlying tooltip vulnerability? If so, tooltip would have to use
.text()instead of.html(), and make it sane to override that.5fee6fdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm...yeah, tooltip should handle this in the default
contentoption. Good catch, I'll fix that.5fee6fdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in f285440.