Merge pull request vitch#79 from noisysocks/master

Fix XSS vulnerablility
roadlabs · Jun 9, 2011 · 318a545 · 318a545
2 parents 0e0c0bb + 51ff22c
commit 318a545
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/script/jquery.jscrollpane.js b/script/jquery.jscrollpane.js
@@ -1011,30 +1011,33 @@
 			function observeHash()
 			{
 				if (location.hash && location.hash.length > 1) {
+					// hash must be escaped to prevent XSS
+					var hash = escape(location.hash);
+
 					var e, retryInt;
 					try {
-						e = $(location.hash);
+						e = $(hash);
 					} catch (err) {
 						return;
 					}
 
-					if (e.length && pane.find(location.hash)) {
+					if (e.length && pane.find(hash)) {
 						// nasty workaround but it appears to take a little while before the hash has done its thing
 						// to the rendered page so we just wait until the container's scrollTop has been messed up.
 						if (container.scrollTop() === 0) {
 							retryInt = setInterval(
 								function()
 								{
 									if (container.scrollTop() > 0) {
-										scrollToElement(location.hash, true);
+										scrollToElement(hash, true);
 										$(document).scrollTop(container.position().top);
 										clearInterval(retryInt);
 									}
 								},
 								50
 							);
 						} else {
-							scrollToElement(location.hash, true);
+							scrollToElement(hash, true);
 							$(document).scrollTop(container.position().top);
 						}
 					}