Skip to content
Snippets Groups Projects
Commit 8f616ecf authored by Robin Appelman's avatar Robin Appelman
Browse files

fix potential xss in multiselect

parent 0f454215
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 9 additions and 3 deletions
core/js/multiselect.js
+ 9
3
View file @ 8f616ecf
......@@ -57,8 +57,11 @@
element=$(element);
var item=element.val();
var id='ms'+multiSelectId+'-option-'+item;
var input=$('<input id="'+id+'" type="checkbox"/>');
var label=$('<label for="'+id+'">'+item+'</label>');
var input=$('<input type="checkbox"/>');
input.attr('id',id);
var label=$('<label/>');
label.attr('for',id);
label.text(item);
if(settings.checked.indexOf(item)!=-1 || checked){
input.attr('checked',true);
}
......@@ -130,7 +133,10 @@
li.text('+ '+settings.createText);
li.before(createItem(this));
var select=button.parent().next();
select.append($('<option selected="selected" value="'+$(this).val()+'">'+$(this).val()+'</option>'));
var option=$('<option selected="selected"/>');
option.attr('value',$(this).val());
option.text($(this).val());
select.append(optione);
li.prev().children('input').trigger('click');
button.parent().data('preventHide',false);
if(settings.createCallback){
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment