From cfe219fbb9f2f734b063041ae420400044f90000 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 9 Jun 2012 15:07:09 +0200 Subject: [PATCH] fix potential xss in multiselect --- core/js/multiselect.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/core/js/multiselect.js b/core/js/multiselect.js index 541dddf0f7..5f339006d2 100644 --- a/core/js/multiselect.js +++ b/core/js/multiselect.js @@ -57,8 +57,11 @@ element=$(element); var item=element.val(); var id='ms'+multiSelectId+'-option-'+item; - var input=$(''); - var label=$(''); + var input=$(''); + input.attr('id',id); + var label=$('