From 4b811a59973677d46f1f03f958b0f5c0e42e2627 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20Laxstr=C3=B6m?= <niklas.laxstrom@gmail.com>
Date: Thu, 1 Nov 2012 11:33:43 +0000
Subject: [PATCH] Avoid contstructing html with concatenation

Fixes potential security issue, bug 41395.
Change-Id: I55c79e41de6084d18c49b8bb715a7f49e19dc7e9
---
 resources/js/ext.uls.displaysettings.js | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/resources/js/ext.uls.displaysettings.js b/resources/js/ext.uls.displaysettings.js
index 5ace5863..c1a7068f 100644
--- a/resources/js/ext.uls.displaysettings.js
+++ b/resources/js/ext.uls.displaysettings.js
@@ -327,16 +327,14 @@
 			// uls-ui-font-selector-label
 			// uls-content-font-selector-label
 			$fontLabel = this.$template.find( '#' + target + '-font-selector-label' );
-			$fontLabel.html( '<strong>'
-				+ $.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) )
-				+ '</strong>'
-				+ '<div>'
-				// Possible messages:
-				// ext-uls-webfonts-select-for-ui-info
-				// ext-uls-webfonts-select-for-content-info
-				+ $.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' )
-				+ '</div>'
-			);
+			$fontLabel.append( $( '<strong>' ).text(
+				$.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) ) ) );
+
+			// Possible messages:
+			// ext-uls-webfonts-select-for-ui-info
+			// ext-uls-webfonts-select-for-content-info
+			$fontLabel.append( $( '<div>' ).text(
+				$.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' ) ) );
 		},
 
 		/**