From 95305edf254846c051c0d32e60be3a85c5029a48 Mon Sep 17 00:00:00 2001
From: Trevor Bramble
Date: Wed, 2 Dec 2015 18:08:00 -0800
Subject: [PATCH] Read title value as text instead of HTML

Using `.html` when grabbing the `title` value allows it to be evaluated by JavaScript, a potential security loophole.
---
 js/foundation/foundation.tooltip.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/foundation/foundation.tooltip.js b/js/foundation/foundation.tooltip.js
index d6cb3f638..e5cba11f3 100644
--- a/js/foundation/foundation.tooltip.js
+++ b/js/foundation/foundation.tooltip.js
@@ -194,7 +194,7 @@
 tip_template = window[settings.tip_template];
 }
- var $tip = $(tip_template(this.selector($target), $('
').html($target.attr('title')).html())),
+ var $tip = $(tip_template(this.selector($target), $('
').html($target.attr('title')).text())),
 classes = this.inheritable_classes($target);
 $tip.addClass(classes).appendTo(settings.append_to);
-- 
2.47.2
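Review bot: The new line still feeds the raw `title` attribute into `.html(...)` on a throwaway wrapper element, so the attribute is still parsed as HTML by jQuery before `.text()` reads it back; the change alters only what is extracted, not that untrusted markup gets parsed in the first place. If the intent is to pass the attribute value through literally, the wrapper can be dropped and the value handed to the template directly: `var $tip = $(tip_template(this.selector($target), $target.attr('title'))),`. If the wrapper exists to decode HTML entities in the title, then whether the decoded text is safe depends on `tip_template` escaping its second argument, which is outside this hunk and worth confirming before relying on this fix. The enclosing method begins and ends outside the hunk.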