fix(scrollspy): xss in target option

author Johann-S <johann.servoire@gmail.com>

Wed, 30 May 2018 07:50:13 +0000 (09:50 +0200)

committer Johann-S <johann.servoire@gmail.com>

Fri, 1 Jun 2018 07:10:25 +0000 (09:10 +0200)
author Johann-S <johann.servoire@gmail.com>
Wed, 30 May 2018 07:50:13 +0000 (09:50 +0200)
committer Johann-S <johann.servoire@gmail.com>
Fri, 1 Jun 2018 07:10:25 +0000 (09:10 +0200)
diff --git a/js/src/scrollspy.js b/js/src/scrollspy.js

index 091b320bd9bf6af60a6529c3d590bbfb8e12532c..90905b05dd800d4180f8d6d27fe3d4d4b9c8c7fc 100644 (file)
--- a/js/src/scrollspy.js
+++ b/js/src/scrollspy.js
@@ -115,7 +115,7 @@ const ScrollSpy = (($) => {
  
        this._scrollHeight = this._getScrollHeight()
  
-      const targets = $.makeArray($(this._selector))
+      const targets = $.makeArray(document.querySelectorAll(this._selector))
  
        targets
          .map((element) => {
author	Johann-S <johann.servoire@gmail.com>
	Wed, 30 May 2018 07:50:13 +0000 (09:50 +0200)
committer	Johann-S <johann.servoire@gmail.com>
	Fri, 1 Jun 2018 07:10:25 +0000 (09:10 +0200)