
Dialog: Extract setting the title into a _title method, use .text() to prevent XSS. Fixes #6016 - Dialog: Title XSS Vulnerability.
jzaefferer committed Nov 26, 2012
1 parent 60486ac commit 7e9060c109b928769a664dbcc2c17bd21231b6f3
Showing with 9 additions and 4 deletions.
  1. +9 −4 ui/jquery.ui.dialog.js
@@ -352,14 +352,21 @@ $.widget("ui.dialog", {
uiDialogTitle = $( "<span>" )
.uniqueId()
.addClass( "ui-dialog-title" )
.html( this.options.title || "&#160;" )
.prependTo( this.uiDialogTitlebar );
this._title( uiDialogTitle );

this.uiDialog.attr({
"aria-labelledby": uiDialogTitle.attr( "id" )
});
},

_title: function( title ) {
if ( !this.options.title ) {
title.html( "&#160;" );
}
title.text( this.options.title );
},

_createButtonPane: function() {
var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) )
.addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" );
@@ -600,9 +607,7 @@ $.widget("ui.dialog", {
}

if ( key === "title" ) {
// convert whatever was passed in to a string, for html() to not throw up
$( ".ui-dialog-title", this.uiDialogTitlebar )
.html( "" + ( value || "&#160;" ) );
this._title( this.uiDialogTitlebar.find( ".ui-dialog-title" ) );
}
},

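Review bot: In the new `_title` method the fallback `title.html( "&#160;" )` is immediately overwritten by the unconditional `title.text( this.options.title )` on the next line, so a falsy title such as `""` leaves the span empty rather than holding the non-breaking space that the removed `|| "&#160;"` expressions in both hunks guaranteed (a `null` title may even be rendered literally, depending on how the installed jQuery's `.text()` treats non-string values). Make the two branches exclusive: `if ( this.options.title ) { title.text( this.options.title ); } else { title.html( "&#160;" ); }`. This keeps the XSS fix intact, because `.html()` then only ever receives the constant entity and every caller-supplied title still goes through `.text()`. Since the option setter in the second hunk now delegates to `_title` as well, the one change covers both the create and the `option( "title", … )` paths.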