diff options
| author | Johann-S <[email protected]> | 2018-05-30 09:41:05 +0200 |
|---|---|---|
| committer | Johann-S <[email protected]> | 2018-06-01 09:10:25 +0200 |
| commit | 2d90d369bbc2bd2647620246c55cec8c4705e3d0 (patch) | |
| tree | d9df023eca32b14b44443096990473d96dd4b5d1 | |
| parent | e3084c3842809ca83aaaba7c8f53ea2b0ffabe0a (diff) | |
| download | bootstrap-2d90d369bbc2bd2647620246c55cec8c4705e3d0.tar.xz bootstrap-2d90d369bbc2bd2647620246c55cec8c4705e3d0.zip | |
fix(tooltip): xss in container option
| -rw-r--r-- | js/src/tooltip.js | 2 | ||||
| -rw-r--r-- | js/tests/visual/tooltip.html | 53 |
2 files changed, 34 insertions, 21 deletions
diff --git a/js/src/tooltip.js b/js/src/tooltip.js index ed10057ed..3d4e93f2b 100644 --- a/js/src/tooltip.js +++ b/js/src/tooltip.js @@ -273,7 +273,7 @@ const Tooltip = (($) => { const attachment = this._getAttachment(placement) this.addAttachmentClass(attachment) - const container = this.config.container === false ? document.body : $(this.config.container) + const container = this.config.container === false ? document.body : $(document).find(this.config.container) $(tip).data(this.constructor.DATA_KEY, this) diff --git a/js/tests/visual/tooltip.html b/js/tests/visual/tooltip.html index 91713044a..d81b018cc 100644 --- a/js/tests/visual/tooltip.html +++ b/js/tests/visual/tooltip.html @@ -27,27 +27,40 @@ <hr> - <p> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto"> - Tooltip on auto - </button> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top"> - Tooltip on top - </button> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right"> - Tooltip on right - </button> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom"> - Tooltip on bottom - </button> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left"> - Tooltip on left - </button> - <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>"> - Tooltip with HTML - </button> - </p> + <div class="row"> + <p> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto"> + Tooltip on auto + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top"> + Tooltip on top + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right"> + Tooltip on right + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom"> + Tooltip on bottom + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left"> + Tooltip on left + </button> + </p> + </div> + <div class="row"> + <p> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with XSS" data-container="<img src=1 onerror=alert(123) />"> + Tooltip with XSS + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with container" data-container="#customContainer"> + Tooltip with container + </button> + <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>"> + Tooltip with HTML + </button> + </p> + </div> <div id="target" title="Test tooltip on transformed element"></div> + <div id="customContainer"></div> </div> <script src="../../../assets/js/vendor/jquery-slim.min.js"></script> |