Merge pull request #2479 from rogerbraun/fix-polymorphic-xss
XSS Fix: Use jQuery to build select options instead of +.
sferik committed Nov 19, 2015
2 parents 022a4fe + 79a673b commit 4653319
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions app/assets/javascripts/rails_admin/ra.widgets.coffee
Expand Up @@ -163,9 +163,12 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
beforeSend: (xhr) ->
xhr.setRequestHeader("Accept", "application/json")
success: (data, status, xhr) ->
html = '<option></option>'
html = $('<option></option>')
$(data).each (i, el) ->
html += '<option value="' + el.id + '">' + el.label + '</option>'
option = $('<option></option>')
option.attr('value', el.id)
option.text(el.label)
html = html.add(option)
object_select.html(html)

# ckeditor
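Review bot: `object_select.html(html)` at the end of the `success` callback is now passed a jQuery collection rather than a markup string, while `.html()` is documented as taking an HTML string or a function. `object_select.empty().append(html)` would state the intent directly and not depend on how `.html()` handles a non-string argument. The variable `html` no longer holds HTML either, so a name such as `options` would make it clearer that `el.id` and `el.label` only ever reach the DOM through `.attr('value', ...)` and `.text(...)`. The commit touches one file only, so nothing guards against a later return to string concatenation; a spec that returns a label containing markup and asserts it renders as text would cover that.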