Hopiu/jquery-mobile
1
0
Fork 0
mirror of https://github.com/Hopiu/jquery-mobile.git synced 2026-05-01 03:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

move $.fn.text invocation to $.fn.getEncodedTest where the content is being re-added to the dom for xss safety Fixes #2550

Browse source
This commit is contained in:
John Bender 2011-10-04 15:48:05 -07:00
parent 90d8387caf
commit 71b0eb0552
4 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
js/jquery.mobile.buttonMarkup.js
View file

@ -54,7 +54,7 @@ $.fn.buttonMarkup = function( options ) {
buttonClass += " ui-btn-icon-" + o.iconpos;
if ( o.iconpos == "notext" && !el.attr( "title" ) ) {
el.attr( "title", el.text() );
el.attr( "title", el.getEncodedText() );
}
}

4
js/jquery.mobile.forms.slider.js
View file

@ -90,7 +90,7 @@ $.widget( "mobile.slider", $.mobile.widget, {
$( "<div class='ui-slider-labelbg ui-slider-labelbg-" + side + theme + " ui-btn-corner-" + corners + "'></div>" )
.prependTo( slider );
$( "<span class='ui-slider-label ui-slider-label-" + side + theme + " ui-btn-corner-" + corners + "' role='img'>" + $( this ).text() + "</span>" )
$( "<span class='ui-slider-label ui-slider-label-" + side + theme + " ui-btn-corner-" + corners + "' role='img'>" + $( this ).getEncodedText() + "</span>" )
.prependTo( handle );
});
@ -268,7 +268,7 @@ $.widget( "mobile.slider", $.mobile.widget, {
this.handle.css( "left", percent + "%" );
this.handle.attr( {
"aria-valuenow": cType === "input" ? newval : control.find( "option" ).eq( newval ).attr( "value" ),
"aria-valuetext": cType === "input" ? newval : control.find( "option" ).eq( newval ).text(),
"aria-valuetext": cType === "input" ? newval : control.find( "option" ).eq( newval ).getEncodedText(),
title: newval
});

4
js/jquery.mobile.listview.js
View file

@ -161,7 +161,7 @@ $.widget( "mobile.listview", $.mobile.widget, {
splittheme = listsplittheme || last.jqmData( "theme" ) || o.splitTheme;
last.appendTo(item)
.attr( "title", last.text() )
.attr( "title", last.getEncodedText() )
.addClass( "ui-li-link-alt" )
.empty()
.buttonMarkup({
@ -242,7 +242,7 @@ $.widget( "mobile.listview", $.mobile.widget, {
parent = list.parent(),
nodeEls = $( list.prevAll().toArray().reverse() ),
nodeEls = nodeEls.length ? nodeEls : $( "<span>" + $.trim(parent.contents()[ 0 ].nodeValue) + "</span>" ),
title = nodeEls.first().text(),//url limits to first 30 chars of text
title = nodeEls.first().getEncodedText(),//url limits to first 30 chars of text
id = ( parentUrl || "" ) + "&" + $.mobile.subPageUrlKey + "=" + listId,
theme = list.jqmData( "theme" ) || o.theme,
countTheme = list.jqmData( "counttheme" ) || parentList.jqmData( "counttheme" ) || o.countTheme,

2
js/jquery.mobile.navigation.js
View file

@ -1090,7 +1090,7 @@
}
//if title element wasn't found, try the page div data attr too
var newPageTitle = toPage.jqmData( "title" ) || toPage.children(":jqmData(role='header')").find(".ui-title" ).text();
var newPageTitle = toPage.jqmData( "title" ) || toPage.children(":jqmData(role='header')").find(".ui-title" ).getEncodedText();
if( !!newPageTitle && pageTitle == document.title ) {
pageTitle = newPageTitle;
}