fixed xss vulnerability in un-packed version of jquery.fancybox and repack it
This commit is contained in:
parent
b0ecef02e9
commit
211a546600
|
@ -84,6 +84,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
title = selectedOpts.title || (obj.nodeName ? $(obj).attr('title') : obj.title) || '';
|
title = selectedOpts.title || (obj.nodeName ? $(obj).attr('title') : obj.title) || '';
|
||||||
|
title = title.replace(/</, "<").replace(/>/, ">");
|
||||||
|
|
||||||
if (obj.nodeName && !selectedOpts.orig) {
|
if (obj.nodeName && !selectedOpts.orig) {
|
||||||
selectedOpts.orig = $(obj).children("img:first").length ? $(obj).children("img:first") : $(obj);
|
selectedOpts.orig = $(obj).children("img:first").length ? $(obj).children("img:first") : $(obj);
|
||||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue