author | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:12:02 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:12:02 -0700 |
commit | ff1979e12e0b012374e2ab3712b19f87e1a92e64 (patch) | |
tree | 3c58fd3be9ff74838c01387ba0405ca95112aa0b /modules/tag/js | |
parent | d2cea7905e342c2a9a7cec03058ab762d0d1ba7f (diff) |
Fix XSS in tags JS
Diffstat (limited to 'modules/tag/js')
-rw-r--r-- | modules/tag/js/tag.js | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js
index 61ac73f4..aaae9e72 100644
--- a/modules/tag/js/tag.js
+++ b/modules/tag/js/tag.js
@@ -27,18 +27,24 @@ function closeEditInPlaceForms() {
 }
 }
 
+function str_replace(search_term, replacement, string) {
+var temp = string.split(search_term);
+return temp.join(replacement);
+}
+
 function editInPlace(element) {
 closeEditInPlaceForms();
 
 // create edit form
 var tag_id = $(this).attr('id').substr(5);
-var tag_name = $(this).text();
+var tag_name = $(this).html();
 var tag_width = $(this).width();
 $(this).parent().data("revert", $(this).parent().html());
 var form = '<form id="gRenameTagForm" method="post" class="ui-helper-clearfix" ';
 form += 'action="' + TAG_RENAME_URL.replace('__ID__', tag_id) + '">';
 form += '<input name="csrf" type="hidden" value="' + csrf_token + '" />';
-form += '<input id="name" name="name" type="text" class="textbox" value="' + tag_name + '" />';
+form += '<input id="name" name="name" type="text" class="textbox" value="' +
+str_replace('"', """, tag_name) + '" />';
 form += '<input type="submit" class="submit ui-state-default ui-corner-all" value="' + save_i18n + '" i/>';
 form += '<a href="#">' + cancel_i18n + '</a>';
 form += '</form>';
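Review bot: The escaping added on the `value="…"` line covers only the `"` character and only `tag_name`; the neighbouring lines still splice `csrf_token`, `save_i18n` and `cancel_i18n` into the HTML string raw, and `tag_id` (taken from the element's DOM id) goes into the `action` attribute the same way, so one escaped value sits next to several unescaped ones. The `.html()` + `&quot;` pairing does work for an attribute value because `.html()` already entity-encodes `&`, `<` and `>`, but that reasoning is implicit and easy to break on the next edit; an explicit attribute escaper applied to every interpolated value is simpler to audit, and the global PHP-style `str_replace` would then be unnecessary. As rendered here the replacement argument reads `"""`, which cannot parse — presumably the committed source holds the `&quot;` entity as a string literal, worth confirming. editInPlace's body continues past the end of the hunk.

```javascript
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

function editInPlace(element) {
  // … unchanged: closeEditInPlaceForms(), tag_id / tag_width, revert data …
  var tag_name = $(this).text();
  form += 'action="' + escapeAttr(TAG_RENAME_URL.replace('__ID__', tag_id)) + '">';
  form += '<input name="csrf" type="hidden" value="' + escapeAttr(csrf_token) + '" />';
  form += '<input id="name" name="name" type="text" class="textbox" value="' + escapeAttr(tag_name) + '" />';
  form += '<input type="submit" class="submit ui-state-default ui-corner-all" value="' + escapeAttr(save_i18n) + '" />';
  form += '<a href="#">' + escapeAttr(cancel_i18n) + '</a>';
  // … unchanged: closing form tag and the rest of editInPlace …
```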