dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
d9ca1db
)
In OutputPage::addScriptFile(): escape attributes for HTML. No XSS, just good practice.
author
Tim Starling
<tstarling@users.mediawiki.org>
Wed, 1 Apr 2009 08:50:57 +0000
(08:50 +0000)
committer
Tim Starling
<tstarling@users.mediawiki.org>
Wed, 1 Apr 2009 08:50:57 +0000
(08:50 +0000)
includes/OutputPage.php
patch
|
blob
|
history
diff --git
a/includes/OutputPage.php
b/includes/OutputPage.php
index
ed9a43d
..
39a248f
100644
(file)
--- a/
includes/OutputPage.php
+++ b/
includes/OutputPage.php
@@
-103,7
+103,15
@@
class OutputPage {
} else {
$path = "{$wgStylePath}/common/{$file}";
}
- $this->addScript( "<script type=\"{$wgJsMimeType}\" src=\"$path?$wgStyleVersion\"></script>\n" );
+ $this->addScript(
+ Xml::element( 'script',
+ array(
+ 'type' => $wgJsMimeType,
+ 'src' => "$path?$wgStyleVersion",
+ ),
+ '', false
+ )
+ );
}
/**