]> git.ipfire.org Git - thirdparty/foundation/foundation-sites.git/commit
projects / thirdparty / foundation / foundation-sites.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 26b3159) | patch
Read title value as text instead of HTML 7359/head
authorTrevor Bramble <inbox@trevorbramble.com>
Thu, 3 Dec 2015 02:08:00 +0000 (18:08 -0800)
committerTrevor Bramble <inbox@trevorbramble.com>
Thu, 3 Dec 2015 02:08:00 +0000 (18:08 -0800)
commit95305edf254846c051c0d32e60be3a85c5029a48
tree590a8e167bf29bd7886f20e96b45d20149d68678tree
parent26b31593b4aaa1bbe776e3422b6b8fc9d6ac439dcommit | diff
Read title value as text instead of HTML

Using `.html` when grabbing the `title` value allows it to be evaluated by JavaScript, a potential security loophole.
js/foundation/foundation.tooltip.js diff | blob | blame | history
Mirror of https://github.com/foundation/foundation-sites.git