Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: jquery.makeCollapsible: Escape user-generated CSS selectors

Browse source 
Bug: T246602
Change-Id: Iea64a258499ab597b9a8900418a42162fdb5f391
This commit is contained in:
Bartosz Dziewoński 2020-03-02 17:08:15 +01:00 committed by Reedy
parent 38d55e8e67
commit be02ebb993
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
resources/src/jquery/jquery.makeCollapsible.js
View file

@ -243,6 +243,7 @@
} else { } else {
collapsibleId = $collapsible.attr( 'id' ) || ''; collapsibleId = $collapsible.attr( 'id' ) || '';
if ( collapsibleId.indexOf( 'mw-customcollapsible-' ) === 0 ) { if ( collapsibleId.indexOf( 'mw-customcollapsible-' ) === 0 ) {
collapsibleId = $.escapeSelector( collapsibleId );
$customTogglers = $( '.' + collapsibleId.replace( 'mw-customcollapsible', 'mw-customtoggle' ) ) $customTogglers = $( '.' + collapsibleId.replace( 'mw-customcollapsible', 'mw-customtoggle' ) )
.addClass( 'mw-customtoggle' ); .addClass( 'mw-customtoggle' );
} }