[extensions-web] js: Fix a potential XSS issue

From: Jasper St. Pierre <jstpierre src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web] js: Fix a potential XSS issue
Date: Wed, 26 Oct 2011 20:07:00 +0000 (UTC)

commit ab98d3094f10fe1bc56c0960cdf1167df306e440
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Wed Oct 26 13:12:06 2011 -0400

    js: Fix a potential XSS issue

 sweettooth/static/js/extensions.js |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/sweettooth/static/js/extensions.js b/sweettooth/static/js/extensions.js
index 54b3be2..58c930f 100644
--- a/sweettooth/static/js/extensions.js
+++ b/sweettooth/static/js/extensions.js
@@ -201,7 +201,7 @@ function($, messages, dbusProxy) {
                         type: "GET",
                     }).done(function(result) {
                         $elem.
-                            find('span.author').html(" by <a href=\"/accounts/profile/"+result.creator+"\">"+result.creator+"</a>").end().
+                            find('span.author').text(" by ").append($('<a>', {'href': "/accounts/profile/" + result.creator})).end().
                             find('img.icon').detach().end().
                             find('h3').html($('<a>', {'href': result.link}).append($('<img>', {'class': 'icon', 'src': result.icon})).append(extension.name)).end().
                             append($('<button>', {'class': 'uninstall', 'title': "Uninstall"}).text("Uninstall").bind('click', uninstall)).

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]