dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
86a727b
)
SECURITY: jquery.makeCollapsible: Escape user-generated CSS selectors
author
Bartosz Dziewoński
<matma.rex@gmail.com>
Mon, 2 Mar 2020 16:08:15 +0000
(17:08 +0100)
committer
Reedy
<reedy@wikimedia.org>
Thu, 26 Mar 2020 14:05:20 +0000
(14:05 +0000)
Bug: T246602
Change-Id: Iea64a258499ab597b9a8900418a42162fdb5f391
resources/src/jquery/jquery.makeCollapsible.js
patch
|
blob
|
history
diff --git
a/resources/src/jquery/jquery.makeCollapsible.js
b/resources/src/jquery/jquery.makeCollapsible.js
index
1f40e0a
..
a433497
100644
(file)
--- a/
resources/src/jquery/jquery.makeCollapsible.js
+++ b/
resources/src/jquery/jquery.makeCollapsible.js
@@
-279,6
+279,7
@@
} else {
collapsibleId = $collapsible.attr( 'id' ) || '';
if ( collapsibleId.indexOf( 'mw-customcollapsible-' ) === 0 ) {
+ collapsibleId = $.escapeSelector( collapsibleId );
$customTogglers = $( '.' + collapsibleId.replace( 'mw-customcollapsible', 'mw-customtoggle' ) )
.addClass( 'mw-customtoggle' );
}