New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixed XSS vulnerability in Clearing #6640

Merged
merged 1 commit into from Jun 19, 2015

Conversation

Projects
None yet
2 participants
@mayakokits
Contributor

mayakokits commented Jun 19, 2015

changed the caption function to use plain javaScript .innerHTML which doesn't make script tags executable

fixed XSS vulnerability in Clearing
.html() executes even encoded scripts.
.innerHTML doesn't.

gakimball added a commit that referenced this pull request Jun 19, 2015

Merge pull request #6640 from mayakokits/6639
fixed XSS vulnerability in Clearing

@gakimball gakimball merged commit bf57af9 into zurb:master Jun 19, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment