From 92c264033a23cd9e7473a60948760baefd488407 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 30 Jan 2013 14:19:44 -0500
Subject: Don't concatenate tainted strings in JS. Fixes #1976.
---
 modules/gallery/js/l10n_client.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/gallery/js/l10n_client.js b/modules/gallery/js/l10n_client.js
index a1b970e7..6d919c29 100644
--- a/modules/gallery/js/l10n_client.js
+++ b/modules/gallery/js/l10n_client.js
@@ -140,7 +140,11 @@ jQuery.extend(Gallery, {
 } else {
 if(search.length > 0) {
 $('#l10n-client-string-select li').hide();
- $('#l10n-client-string-select li:contains('+search+')').show();
+ $('#l10n-client-string-select li').each(function() {
+ if ($(this).val().indexOf(search) != -1) {
+ $(this).show();
+ }
+ });
 $('#l10n-client #g-l10n-search').val(search);
 }
 }
--
cgit v1.2.3
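Review bot: The new filter in the `.each()` callback reads `$(this).val()`, but the removed `:contains(...)` selector matched on each `li`'s text, and `.val()` on an `li` does not return that text. On an `li` it most likely yields the numeric `value` property, so `.indexOf` would throw or never match and the search would show nothing. Keeping `search` out of the selector string is the right fix for the tainted-input problem; to keep the old matching behaviour, compare against the text instead: `if ($(this).text().indexOf(search) !== -1) {`. The `li` markup and the enclosing function are outside this hunk, so confirm against the template that the items hold their string as text content.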