Fixes #11859 - handle HTML in parameters safely when hiding values (C…
shlomizadok authored and Dominic Cleal committed Sep 21, 2015
1 parent 04fa19d commit 4f3555b
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions app/assets/javascripts/hidden_values.js
@@ -5,20 +5,20 @@ function turn_textarea_switch(checkbox) {
var $editorContainer = $('.editor-container');

if (checkbox.checked) {
target = '<input class="form-control" type="password" id="' + id + '" name="' + source.name + '" value ="' + source.value + '"></input>'
target = $('<input/>').attr({ type: 'password', id: id, name: source.name, value: $(source).val(), class: 'form-control'});
$editorContainer.find('.navbar').hide();
$editorContainer.find('.ace_editor').remove();
$(source).replaceWith(target);
} else if ($('.editor-container').length > 0) {
target = '<textarea class="form-control editor_source hide" id="' + id + '" name="' + source.name + '" placeholder="Value" rows="1">' + source.value + '</textarea>'
target = $('<textarea/>').attr({class: 'form-control editor_source hide', id: id, name: source.name, placeholder: 'Value', rows: 1, value: $(source).val()});
$editorContainer.find('.navbar').show();
$(source).replaceWith(target);

onEditorLoad();
session = Editor.getSession();
session.setValue($(source).val());
} else {
var target = '<textarea class="form-control" id="' + id + '" name="' + source.name + '" placeholder="Value" rows="1">' + source.value + '</textarea>'
var target = $('<textarea/>').attr({class: 'form-control', id: id, name: source.name, placeholder: 'Value', rows: 1, value: $(source).val()});
$(source).replaceWith(target);
}
}
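Review bot: In the two textarea branches (the `.editor-container` branch and the final `else`), the value is passed as `value:` inside `.attr({...})`, but `<textarea>` has no `value` content attribute, so the replacement element will most likely render and submit empty once the user un-hides the parameter. Setting it through the property keeps this commit's escaping benefit without losing the data: `$('<textarea/>').attr({class: 'form-control', id: id, name: source.name, placeholder: 'Value', rows: 1}).val($(source).val());`. The password `<input>` branch is fine, since `value` is a real attribute there and `.attr()` escapes it. The function starts above the hunk, so how `id` and `source` are derived is not visible here.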