Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.
scottgonzalez committed Nov 27, 2012
1 parent c4b7c75 commit 5fee6fd5000072ff32f2d65b6451f39af9e0e39e
Showing 1 changed file with 1 addition and 1 deletion.
@@ -61,7 +61,7 @@
// remove invalid value, as it didn't match anything
$( element )
.val( "" )
.attr( "title", value + " didn't match any item" )
.attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )
.tooltip( "open" );
select.val( "" );
setTimeout(function() {
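Review bot: the pre-escaping in `.attr( "title", $( "<a>" ).text( value ).html() + " didn't match any item" )` only works because the `.tooltip( "open" )` call two lines below interprets the title as HTML, and that consumer is left unchanged by this hunk; the unescaped title was the injection point, and any other consumer of the attribute (the element's plain title before the widget is initialised, or a tooltip `content` default that treats the title as text) will now show `&lt;` and `&gt;` literally, i.e. the demo and the widget are coupled on one encoding decision. Suggest moving the escaping into tooltip's default `content` so the demo can keep `value` as-is, and stating in the commit message that this change is a demo-level mitigation. Also note that `$( "<a>" ).text( value ).html()` escapes `&`, `<` and `>` but not quotes, which is enough for text content here but should not be copied into attribute contexts.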

3 comments on commit 5fee6fd

@jzaefferer (Member) commented on 5fee6fd Nov 27, 2012


Doesn't this just hide the underlying tooltip vulnerability? If so, tooltip would have to use .text() instead of .html(), and make it sane to override that.

@scottgonzalez (Member, Author) commented on 5fee6fd Nov 27, 2012


hmm...yeah, tooltip should handle this in the default content option. Good catch, I'll fix that.

@scottgonzalez (Member, Author) commented on 5fee6fd Nov 27, 2012


Fixed in f285440.
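To make the point raised in the comments above concrete, here is an added JavaScript model, not jQuery UI's code, of the two places the escaping can live: the combobox demo that produces the title attribute, and tooltip's default content option that consumes it. `escapeHtmlText` reproduces what `$( "<a>" ).text( value ).html()` yields in a browser (a serialized text node: `&`, `<`, `>` escaped, quotes untouched); `render` is a deliberately tiny stand-in for the DOM so the block runs under Node without jQuery. The search-term payload is constructed for the example, and `showNoMatchTooltip`, `contentDefaults` and `evaluateCombinations` are this example's names, not the widget's API.

```javascript
// Added example (not jQuery UI's code): a Node-runnable model of the combobox demo
// (producer of the title attribute) and the tooltip widget's default `content`
// option (consumer), to show where HTML escaping has to happen exactly once.

// Equivalent of $("<a>").text(value).html(): the browser serializes a text node,
// escaping only the characters that are special in HTML *text* content.
// Quotes are left alone (innerHTML also turns U+00A0 into &nbsp;, ignored here),
// so this output must not be reused inside an attribute value.
function escapeHtmlText(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Tiny stand-in for the DOM: given markup assigned via .html(), report how many
// elements the browser would create from it and what text the user would see.
// Entities are decoded in the order that avoids double-decoding (&amp; last).
function render(markup) {
  const tags = markup.match(/<[a-zA-Z][^>]*>/g) || [];
  const visibleText = markup
    .replace(/<[^>]*>/g, "")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
  return { markup, elementsCreated: tags.length, visibleText };
}

// Two candidate defaults for tooltip's `content` option. Both receive the
// element's title attribute and return the markup the widget will insert.
const contentDefaults = {
  // Behaviour the thread describes as the underlying problem: title used as HTML.
  html: (title) => title,
  // Proposed fix: treat the title as text; escape on the way into the DOM.
  text: (title) => escapeHtmlText(title),
};

// The combobox demo's "no match" path: build the title from the search term,
// optionally pre-escaping it as this commit does, then open the tooltip.
function showNoMatchTooltip(searchTerm, { encodeAtProducer, contentDefault }) {
  const term = encodeAtProducer ? escapeHtmlText(searchTerm) : searchTerm;
  const title = term + " didn't match any item";
  return render(contentDefaults[contentDefault](title));
}

// Constructed payload: a search term that is markup, not a real user's query.
const PAYLOAD = "<img src=x onerror=alert(1)>";

// Walk the four producer/consumer combinations and classify each outcome:
// `injected` means markup from the search term became an element,
// `displaysCorrectly` means the user sees exactly what they typed.
function evaluateCombinations(searchTerm = PAYLOAD) {
  const results = {};
  for (const encodeAtProducer of [false, true]) {
    for (const contentDefault of ["html", "text"]) {
      const r = showNoMatchTooltip(searchTerm, { encodeAtProducer, contentDefault });
      const key = `${encodeAtProducer ? "encoded" : "raw"}+${contentDefault}`;
      results[key] = {
        ...r,
        injected: r.elementsCreated > 0,
        displaysCorrectly: r.visibleText === searchTerm + " didn't match any item",
      };
    }
  }
  return results;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [key, r] of Object.entries(evaluateCombinations())) {
    console.log(
      key.padEnd(13),
      r.injected ? "XSS " : "safe",
      r.displaysCorrectly ? "text intact" : "text mangled:",
      r.visibleText
    );
  }
}
```

Of the four combinations, only the two that escape exactly once (raw title with a text-treating tooltip, or this commit's pre-escaped title with the HTML-treating tooltip) are both safe and display the search term intact. Escaping at neither end is the reported XSS; escaping at both ends is safe but shows `&lt;img ...&gt;` to the user, which is what this demo line would do once tooltip's default content is changed to use `.text()` unless the demo is reverted at the same time.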
