Commit f1314cce authored by alexpott's avatar alexpott
Browse files

Issue #2512478 by googletorp, pwolanin, G1N1: XSS on field edit form via label field via ckeditor

parent 1462460f
......@@ -30,7 +30,7 @@
// Set a title on the CKEditor instance that includes the text field's
// label so that screen readers say something that is understandable
// for end users.
var label = $('label[for=' + element.getAttribute('id') + ']').text();
var label = $('label[for=' + element.getAttribute('id') + ']').html();
format.editorSettings.title = Drupal.t("Rich Text Editor, !label field", {'!label': label});
// CKEditor initializes itself in a read-only state if the 'disabled'
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment