From: Ori Livneh Date: Fri, 9 Nov 2012 17:15:23 +0000 (-0800) Subject: Sanitize text input to $.fn.badge X-Git-Tag: 1.31.0-rc.0~21687^2 X-Git-Url: http://git.cyclocoop.org/%24self?a=commitdiff_plain;h=f58e2d45b8358bc904fc83f53833fbf2aebeb7a1;p=lhc%2Fweb%2Fwiklou.git Sanitize text input to $.fn.badge Closes a potential XSS vector, as pointed out by Krinkle in 32091. Change-Id: Iea702fb8736799dc7f8238e4cb357da22304c1dd
---
diff --git a/resources/jquery/jquery.badge.js b/resources/jquery/jquery.badge.js
index 982974761d..17b6b33ebf 100644
--- a/resources/jquery/jquery.badge.js
+++ b/resources/jquery/jquery.badge.js
@@ -41,10 +41,9 @@
 $badge.find( '.mw-badge-content' ).text( text );
 } else {
 // Otherwise, create a new badge with the specified text and style
- div = document.createElement( 'div' );
- div.className = 'mw-badge mw-badge-' + ( inline ? 'inline' : 'overlay' );
- div.innerHTML = '' + text + '';
- $( div ).appendTo( this );
+ $badge = $( '
' )
+ .append( $( '' ).text ( text ) )
+ .appendTo( this );
 }
 } else {
 $badge.remove();
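Review bot: The added `.text ( text )` call has a space before its argument list, unlike `.text( text )` on the context line above it and `.append(` / `.appendTo(` on the neighbouring added lines; write it `.text( text )` so the new lines follow the file's own call style. With the `document.createElement` path removed, the `div` variable that the deleted lines assigned (declared outside this hunk) is presumably unused now and should be dropped from its declaration if nothing else references it. Because the content now goes through jQuery's `.text()` instead of `innerHTML`, any caller that passed markup in `text` will see it escaped from this change on; the function's doc comment, which lies outside the hunk, should state that, e.g. `@param {string} text Badge content; inserted as plain text and never interpreted as HTML.` The enclosing function starts and ends outside this hunk.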