prevent xss attacks also if some javascript ends up in the alt-tag
This commit is contained in:
parent
3e143601fe
commit
df4737f52a
|
@ -84,7 +84,6 @@
|
|||
}
|
||||
|
||||
title = selectedOpts.title || (obj.nodeName ? $(obj).attr('title') : obj.title) || '';
|
||||
title = title.replace(/</, "<").replace(/>/, ">");
|
||||
|
||||
if (obj.nodeName && !selectedOpts.orig) {
|
||||
selectedOpts.orig = $(obj).children("img:first").length ? $(obj).children("img:first") : $(obj);
|
||||
|
@ -94,6 +93,8 @@
|
|||
title = selectedOpts.orig.attr('alt');
|
||||
}
|
||||
|
||||
title = title.replace(/</, "<").replace(/>/, ">");
|
||||
|
||||
href = selectedOpts.href || (obj.nodeName ? $(obj).attr('href') : obj.href) || null;
|
||||
|
||||
if ((/^(?:javascript)/i).test(href) || href == '#') {
|
||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue