Commit ce35c4f2 authored by Dimitri van Heesch's avatar Dimitri van Heesch

Merge pull request #71 from t-ashula/jqueryxss

add css-escape to avoid jquery based xss
parents 8de63344 7fea8209
...@@ -276,7 +276,7 @@ function highlightAnchor() ...@@ -276,7 +276,7 @@ function highlightAnchor()
var anchor = $(aname); var anchor = $(aname);
if (anchor.parent().attr('class')=='memItemLeft'){ if (anchor.parent().attr('class')=='memItemLeft'){
var rows = $('.memberdecls tr[class$="'+ var rows = $('.memberdecls tr[class$="'+
window.location.hash.substring(1)+'"]'); window.location.hash.substring(1).replace(/</g,'\\3c ')+'"]');
glowEffect(rows.children(),300); // member without details glowEffect(rows.children(),300); // member without details
} else if (anchor.parents().slice(2).prop('tagName')=='TR') { } else if (anchor.parents().slice(2).prop('tagName')=='TR') {
glowEffect(anchor.parents('div.memitem'),1000); // enum value glowEffect(anchor.parents('div.memitem'),1000); // enum value
...@@ -295,7 +295,7 @@ function selectAndHighlight(hash,n) ...@@ -295,7 +295,7 @@ function selectAndHighlight(hash,n)
var a; var a;
if (hash) { if (hash) {
var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1); var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1);
a=$('.item a[class$="'+link+'"]'); a=$('.item a[class$="'+link.replace(/</g,'\\3c ')+'"]');
} }
if (a && a.length) { if (a && a.length) {
a.parent().parent().addClass('selected'); a.parent().parent().addClass('selected');
...@@ -496,7 +496,7 @@ function initNavTree(toroot,relpath) ...@@ -496,7 +496,7 @@ function initNavTree(toroot,relpath)
if ($(location).attr('hash')){ if ($(location).attr('hash')){
var clslink=stripPath($(location).attr('pathname'))+':'+ var clslink=stripPath($(location).attr('pathname'))+':'+
$(location).attr('hash').substring(1); $(location).attr('hash').substring(1);
a=$('.item a[class$="'+clslink+'"]'); a=$('.item a[class$="'+clslink.replace(/</g,'\\3c ')+'"]');
} }
if (a==null || !$(a).parent().parent().hasClass('selected')){ if (a==null || !$(a).parent().parent().hasClass('selected')){
$('.item').removeClass('selected'); $('.item').removeClass('selected');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment