Issue #2999163 by markcarver, Gomez_in_the_South: XSS vulnerability in modal.js

Signed-off-by: Mark Carver <mark.carver@me.com>
parent 295bf67c
......@@ -5,6 +5,13 @@
(function ($, Drupal, Bootstrap, Attributes) {
'use strict';
/**
* Document jQuery object.
*
* @type {jQuery}
*/
var $document = $(document);
/**
* Only process this once.
*/
......@@ -131,12 +138,13 @@
// Replace the data API so that it calls $.fn.modal rather than Plugin.
// This allows sub-themes to replace the jQuery Plugin if they like with
// out having to redo all this boilerplate.
$(document)
$document
.off('click.bs.modal.data-api')
.on('click.bs.modal.data-api', '[data-toggle="modal"]', function (e) {
var $this = $(this);
var href = $this.attr('href');
var $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))); // strip for ie7
var target = $this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, '')); // strip for ie7
var $target = $document.find(target);
var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data());
if ($this.is('a')) e.preventDefault();
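Review bot: The new `var $target = $document.find(target);` line is what stops an HTML-looking `data-target` or `href` value from being parsed as markup by `$()`, but nothing in the code records that, so a later cleanup could fold it back into `$(target)`. I would add a comment directly above it, for example `// Use .find() so the attribute value is only ever treated as a selector, never parsed as HTML (XSS).`, and drop the stale `// strip for ie7` remark if it no longer applies. Separately, `.find()` throws on a string that is not a valid selector, and here that would happen before the `if ($this.is('a')) e.preventDefault();` line, so a malformed value would likely abort the handler and let the link's default navigation proceed. Moving the `preventDefault()` call above the lookup, or catching the error and falling back to an empty set, would keep that path predictable. The handler body continues past the end of this hunk, so how `option` and `remote` are consumed cannot be checked from here.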
......