Commit 826b3fa8 authored by Dries's avatar Dries
Browse files

- Patch #565994 by mfb: src attribute for external javascript should be HTML-encoded.

parent c993b73e
......@@ -3157,7 +3157,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL) {
case 'external':
// Preprocessing for external JavaScript files is ignored.
$output .= '<script type="text/javascript"' . ($item['defer'] ? ' defer="defer"' : '') . ' src="' . $item['data'] . "\"></script>\n";
$output .= '<script type="text/javascript"' . ($item['defer'] ? ' defer="defer"' : '') . ' src="' . check_plain($item['data']) . "\"></script>\n";
break;
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment