Avoid contstructing html with concatenation
Fixes potential security issue, bug 41395. Change-Id: I55c79e41de6084d18c49b8bb715a7f49e19dc7e9
This commit is contained in:
Niklas Laxström
@@ -327,16 +327,14 @@
|
|||||||
// uls-ui-font-selector-label
|
// uls-ui-font-selector-label
|
||||||
// uls-content-font-selector-label
|
// uls-content-font-selector-label
|
||||||
$fontLabel = this.$template.find( '#' + target + '-font-selector-label' );
|
$fontLabel = this.$template.find( '#' + target + '-font-selector-label' );
|
||||||
$fontLabel.html( '<strong>'
|
$fontLabel.append( $( '<strong>' ).text(
|
||||||
+ $.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) )
|
$.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) ) ) );
|
||||||
+ '</strong>'
|
|
||||||
+ '<div>'
|
// Possible messages:
|
||||||
// Possible messages:
|
// ext-uls-webfonts-select-for-ui-info
|
||||||
// ext-uls-webfonts-select-for-ui-info
|
// ext-uls-webfonts-select-for-content-info
|
||||||
// ext-uls-webfonts-select-for-content-info
|
$fontLabel.append( $( '<div>' ).text(
|
||||||
+ $.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' )
|
$.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' ) ) );
|
||||||
+ '</div>'
|
|
||||||
);
|
|
||||||
},
|
},
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user