selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
}
- var $parent = $(selector === '#' ? [] : selector)
+ selector = selector === '#' ? [] : selector
+ var $parent = $(document).find(selector)
if (e) e.preventDefault()
// =================
var clickHandler = function (e) {
- var href
var $this = $(this)
- var $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+ var href = $this.attr('href')
+ if (href) {
+ href = href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7
+ }
+
+ var target = $this.attr('data-target') || href
+ var $target = $(document).find(target)
+
if (!$target.hasClass('carousel')) return
+
var options = $.extend({}, $target.data(), $this.data())
var slideIndex = $this.attr('data-slide-to')
if (slideIndex) options.interval = false
var target = $trigger.attr('data-target')
|| (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7
- return $(target)
+ return $(document).find(target)
}
selector = selector && /#[A-Za-z]/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
}
- var $parent = selector && $(selector)
+ var $parent = selector && $(document).find(selector)
return $parent && $parent.length ? $parent : $this.parent()
}
$(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function (e) {
var $this = $(this)
var href = $this.attr('href')
- var $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))) // strip for ie7
+ var target = $this.attr('data-target') ||
+ (href && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+
+ var $target = $(document).find(target)
var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data())
if ($this.is('a')) e.preventDefault()
</div>
</div>
</div>
-
+ <button class="btn" data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">
+ Collapse with an XSS
+ </button>
</div>
<!-- JavaScript Includes -->
Tall body content to force the page to have a scrollbar.
</div>
+ <button class="btn btn-primary btn-lg" data-toggle="modal" data-target="<div class="modal fade the-bad" tabindex="-1" role="dialog"><div class="modal-dialog" role="document"><div class="modal-content"><div class="modal-header"><button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button><h4 class="modal-title">The Bad Modal</h4></div><div class="modal-body">This modal's HTTML source code is declared inline, inside the data-target attribute of it's show-button</div></div></div></div>">
+ Launch XSS modal
+ </button>
</div>
<!-- JavaScript Includes -->
projects / thirdparty / bootstrap.git / commitdiff
