diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2013-01-30 14:19:44 -0500 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2013-01-30 14:19:44 -0500 |
| commit | 92c264033a23cd9e7473a60948760baefd488407 (patch) | |
| tree | 54c1697b25862d6f183082e4e841b0a6a54e6103 | |
| parent | 28cd0ad2c13fec256c4a0f162ec7b552eb88d66c (diff) | |
Don't concatenate tainted strings in JS. Fixes #1976.
| -rw-r--r-- | modules/gallery/js/l10n_client.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/gallery/js/l10n_client.js b/modules/gallery/js/l10n_client.js index a1b970e7..6d919c29 100644 --- a/modules/gallery/js/l10n_client.js +++ b/modules/gallery/js/l10n_client.js @@ -140,7 +140,11 @@ jQuery.extend(Gallery, { } else { if(search.length > 0) { $('#l10n-client-string-select li').hide(); - $('#l10n-client-string-select li:contains('+search+')').show(); + $('#l10n-client-string-select li').each(function() { + if ($(this).val().indexOf(search) != -1) { + $(this).show(); + } + }); $('#l10n-client #g-l10n-search').val(search); } } |