diff options
| author | t-ashula <office@ashula.info> | 2013-12-15 02:30:45 (GMT) |
|---|---|---|
| committer | t-ashula <office@ashula.info> | 2013-12-15 02:30:45 (GMT) |
| commit | 7fea82094723ecfb4e9b3ea6819137b99d7dfa9c (patch) | |
| tree | ceb21e297bff4968cc34f03aac1d5569c494ddd6 | |
| parent | ffb2d5de29dfd6a2715eaa6abc3405882067bc9b (diff) | |
| download | Doxygen-7fea82094723ecfb4e9b3ea6819137b99d7dfa9c.zip Doxygen-7fea82094723ecfb4e9b3ea6819137b99d7dfa9c.tar.gz Doxygen-7fea82094723ecfb4e9b3ea6819137b99d7dfa9c.tar.bz2 | |
add css-escape to avoid jquery based xss
| -rw-r--r-- | src/navtree.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/navtree.js b/src/navtree.js index 1d739b2..da868e5 100644 --- a/src/navtree.js +++ b/src/navtree.js @@ -276,7 +276,7 @@ function highlightAnchor() var anchor = $(aname); if (anchor.parent().attr('class')=='memItemLeft'){ var rows = $('.memberdecls tr[class$="'+ - window.location.hash.substring(1)+'"]'); + window.location.hash.substring(1).replace(/</g,'\\3c ')+'"]'); glowEffect(rows.children(),300); // member without details } else if (anchor.parents().slice(2).prop('tagName')=='TR') { glowEffect(anchor.parents('div.memitem'),1000); // enum value @@ -295,7 +295,7 @@ function selectAndHighlight(hash,n) var a; if (hash) { var link=stripPath($(location).attr('pathname'))+':'+hash.substring(1); - a=$('.item a[class$="'+link+'"]'); + a=$('.item a[class$="'+link.replace(/</g,'\\3c ')+'"]'); } if (a && a.length) { a.parent().parent().addClass('selected'); @@ -496,7 +496,7 @@ function initNavTree(toroot,relpath) if ($(location).attr('hash')){ var clslink=stripPath($(location).attr('pathname'))+':'+ $(location).attr('hash').substring(1); - a=$('.item a[class$="'+clslink+'"]'); + a=$('.item a[class$="'+clslink.replace(/</g,'\\3c ')+'"]'); } if (a==null || !$(a).parent().parent().hasClass('selected')){ $('.item').removeClass('selected'); |