aboutsummaryrefslogtreecommitdiff
path: root/docs/assets/js/bootstrap.js
diff options
context:
space:
mode:
authorJacob Thornton <[email protected]>2012-06-02 17:55:10 -0700
committerJacob Thornton <[email protected]>2012-06-02 17:55:10 -0700
commitf836473129819c2e348f821ed268451b9b8bf2e4 (patch)
tree5acd7d92391310068375ab10145d3cb8194a1868 /docs/assets/js/bootstrap.js
parentfc96bc8bba0687fb5845bffc72eb048535583499 (diff)
downloadbootstrap-f836473129819c2e348f821ed268451b9b8bf2e4.tar.xz
bootstrap-f836473129819c2e348f821ed268451b9b8bf2e4.zip
add html option back to tooltip and popover to explicitly prevent XSS #3421
Diffstat (limited to 'docs/assets/js/bootstrap.js')
-rw-r--r--docs/assets/js/bootstrap.js16
1 files changed, 4 insertions, 12 deletions
diff --git a/docs/assets/js/bootstrap.js b/docs/assets/js/bootstrap.js
index 1f0ae30e4..311839178 100644
--- a/docs/assets/js/bootstrap.js
+++ b/docs/assets/js/bootstrap.js
@@ -1092,20 +1092,11 @@
}
}
- , isHTML: function(text) {
- // html string detection logic adapted from jQuery
- return typeof text != 'string'
- || ( text.charAt(0) === "<"
- && text.charAt( text.length - 1 ) === ">"
- && text.length >= 3
- ) || /^(?:[^<]*<[\w\W]+>[^>]*$)/.exec(text)
- }
-
, setContent: function () {
var $tip = this.tip()
, title = this.getTitle()
- $tip.find('.tooltip-inner')[this.isHTML(title) ? 'html' : 'text'](title)
+ $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title)
$tip.removeClass('fade in top bottom left right')
}
@@ -1214,6 +1205,7 @@
, trigger: 'hover'
, title: ''
, delay: 0
+ , html: true
}
}(window.jQuery);
@@ -1262,8 +1254,8 @@
, title = this.getTitle()
, content = this.getContent()
- $tip.find('.popover-title')[this.isHTML(title) ? 'html' : 'text'](title)
- $tip.find('.popover-content > *')[this.isHTML(content) ? 'html' : 'text'](content)
+ $tip.find('.popover-title')[this.options.html ? 'html' : 'text'](title)
+ $tip.find('.popover-content > *')[this.options.html ? 'html' : 'text'](content)
$tip.removeClass('fade top bottom left right in')
}