From: Johann-S <johann.servoire@gmail.com>
Date: Wed, 30 May 2018 07:50:13 +0000 (+0200)
Subject: fix(scrollspy): xss in target option
X-Git-Tag: v4.1.2~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc61edfa8af7b5ec9d4888c59bf94377e499b78b;p=thirdparty%2Fbootstrap.git

fix(scrollspy): xss in target option
---

diff --git a/js/src/scrollspy.js b/js/src/scrollspy.js
index 091b320bd9..90905b05dd 100644
--- a/js/src/scrollspy.js
+++ b/js/src/scrollspy.js
@@ -115,7 +115,7 @@ const ScrollSpy = (($) => {
 
       this._scrollHeight = this._getScrollHeight()
 
-      const targets = $.makeArray($(this._selector))
+      const targets = $.makeArray(document.querySelectorAll(this._selector))
 
       targets
         .map((element) => {