From: Brian Tan <briantan888@users.noreply.github.com>
Date: Tue, 5 Apr 2016 02:30:30 +0000 (-0400)
Subject: [tooltip.js] New option allowHtml
X-Git-Tag: v6.3-rc1~86^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8527%2Fhead;p=thirdparty%2Ffoundation%2Ffoundation-sites.git

[tooltip.js] New option allowHtml

Ref pr #8075 Add new option allowHtml (default false) to allow HTML in tooltip.
---

diff --git a/js/foundation.tooltip.js b/js/foundation.tooltip.js
index 827fcd298..2dc54b0ee 100644
--- a/js/foundation.tooltip.js
+++ b/js/foundation.tooltip.js
@@ -39,9 +39,15 @@ class Tooltip {
     this.options.tipText = this.options.tipText || this.$element.attr('title');
     this.template = this.options.template ? $(this.options.template) : this._buildTemplate(elemId);
 
-    this.template.appendTo(document.body)
+    if (this.options.allowHtml) {
+      this.template.appendTo(document.body)
+        .html(this.options.tipText)
+        .hide();
+    } else {
+      this.template.appendTo(document.body)
         .text(this.options.tipText)
         .hide();
+    }
 
     this.$element.attr({
       'title': '',
@@ -425,7 +431,14 @@ Tooltip.defaults = {
    * @option
    * @example 12
    */
-  hOffset: 12
+  hOffset: 12,
+    /**
+   * Allow HTML in tooltip. Warning: If you are loading user-generated content into tooltips,
+   * allowing HTML may open yourself up to XSS attacks.
+   * @option
+   * @example false
+   */
+  allowHtml: false
 };
 
 /**