}
try {
- const $selector = $(selector)
+ const $selector = $(document).find(selector)
return $selector.length > 0 ? selector : null
} catch (error) {
return null
<div class="bg-dark text-white p-2" id="tall" style="display: none;">
Tall body content to force the page to have a scrollbar.
</div>
+
+ <button type="button" class="btn btn-secondary btn-lg" data-toggle="modal" data-target="<div class="modal fade the-bad" tabindex="-1" role="dialog"><div class="modal-dialog" role="document"><div class="modal-content"><div class="modal-header"><button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button><h4 class="modal-title">The Bad Modal</h4></div><div class="modal-body">This modal's HTTML source code is declared inline, inside the data-target attribute of it's show-button</div></div></div></div>">
+ Modal with an XSS inside the data-target
+ </button>
</div>
<script src="../../../assets/js/vendor/jquery-slim.min.js"></script>
projects / thirdparty / bootstrap.git / commitdiff
