Fix XSS vulnerability. Closes #1922

commit 20083612c87787e164950719bac161041be9f1dc 1 parent 76e27e9
@mshibuya mshibuya authored
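--- a/app/assets/javascripts/rails_admin/ra.filtering-multiselect.js
+++ b/app/assets/javascripts/rails_admin/ra.filtering-multiselect.js
@@ -163,14 +163,15 @@
 _queryFilter: function(val) {
 var widget = this;
 widget._query(val, function(matches) {
-var i, html = "";
+var i;
+widget.collection.html('');
 for (i in matches) {
 if (matches.hasOwnProperty(i) && !widget.selected(matches[i].id)) {
-html += '<option value="' + matches[i].id + '" title="' + matches[i].label + '">' + matches[i].label + '</option>';
+widget.collection.append(
+$('<option></option>').attr('value', matches[i].id).attr('title', matches[i].label).text(matches[i].label)
+);
 }
 }
-
-widget.collection.html(html);
 });
 },
@@ -247,7 +248,7 @@
 if (el.length) {
 el.attr("selected", "selected");
 } else {
-widget.element.append($('<option value="' + option.value + '" selected="selected"></option>'));
+widget.element.append($('<option></option>').attr('value', option.value).attr('selected', "selected"));
 }
 });
 $(options).appendTo(this.selection).attr('selected', false);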
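Review bot: The rewritten loop body around `widget.collection.append(` should carry a comment saying why the option is built with `.attr()`/`.text()` instead of markup, otherwise a later edit can quietly reintroduce the concatenation that #1922 fixed; something like `// id/label are server data and are not HTML-escaped: set them via attr()/text(), never by building markup` above the `append` call. The fix itself is sound: `.attr()` goes through setAttribute and `.text()` creates a text node, so neither the id nor the label is parsed as HTML, and only the constant literal `'<option></option>'` reaches jQuery's HTML parser. One behavioural difference worth noting is that the list is now cleared up front with `widget.collection.html('')` and then filled with one `append` per match, whereas the old code replaced the contents in a single write; collecting the `<option>` elements in an array and appending them once after the loop would preserve the single-update behaviour if anything observes intermediate states of `widget.collection`. The same comment would serve the second hunk's `widget.element.append(...)`, whose enclosing callback starts before the hunk.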
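--- a/app/assets/javascripts/rails_admin/ra.filtering-select.js
+++ b/app/assets/javascripts/rails_admin/ra.filtering-select.js
@@ -50,7 +50,7 @@
 minLength: this.options.minLength,
 source: this._getSourceFunction(this.options.source),
 select: function(event, ui) {
-var option = $('<option value="' + ui.item.id + '" selected="selected">' + ui.item.value + '</option>');
+var option = $('<option></option>').attr('value', ui.item.id).attr('selected', 'selected').text(ui.item.value);
 select.html(option);
 select.trigger("change", ui.item.id);
 self._trigger("selected", event, {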
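Review bot: The new `var option = ...` line deserves a one-line comment recording that `ui.item.id` and `ui.item.value` come back from the autocomplete source and must be set through `.attr()`/`.text()` rather than interpolated into markup, e.g. `// ui.item fields are server data: never concatenate them into HTML (see #1922)`, so the reason for the longer chained form survives the next refactor. A small style point: this file writes `.attr('selected', 'selected')` with single quotes while ra.filtering-multiselect.js writes `.attr('selected', "selected")` for the same attribute; using one quoting style across both widgets makes a later grep for this pattern more reliable. The `select` callback continues past the end of the hunk.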