From: Trevor Bramble <inbox@trevorbramble.com>
Date: Thu, 3 Dec 2015 02:08:00 +0000 (-0800)
Subject: Read title value as text instead of HTML
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F7359%2Fhead;p=thirdparty%2Ffoundation%2Ffoundation-sites.git

Read title value as text instead of HTML

Using `.html` when grabbing the `title` value allows it to be evaluated by JavaScript, a potential security loophole.
---

diff --git a/js/foundation/foundation.tooltip.js b/js/foundation/foundation.tooltip.js
index d6cb3f638..e5cba11f3 100644
--- a/js/foundation/foundation.tooltip.js
+++ b/js/foundation/foundation.tooltip.js
@@ -194,7 +194,7 @@
         tip_template = window[settings.tip_template];
       }
 
-      var $tip = $(tip_template(this.selector($target), $('<div></div>').html($target.attr('title')).html())),
+      var $tip = $(tip_template(this.selector($target), $('<div></div>').html($target.attr('title')).text())),
           classes = this.inheritable_classes($target);
 
       $tip.addClass(classes).appendTo(settings.append_to);