Avoid contstructing html with concatenation

Fixes potential security issue, bug 41395. Change-Id: I55c79e41de6084d18c49b8bb715a7f49e19dc7e9
2012-11-01 11:33:43 +00:00
parent cccd49163b
commit 4b811a5997
1 changed files with 8 additions and 10 deletions
--- a/resources/js/ext.uls.displaysettings.js
+++ b/resources/js/ext.uls.displaysettings.js
@@ -327,16 +327,14 @@
 			// uls-ui-font-selector-label
 			// uls-content-font-selector-label
 			$fontLabel = this.$template.find( '#' + target + '-font-selector-label' );
-			$fontLabel.html( '<strong>'
-				+ $.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) )
-				+ '</strong>'
-				+ '<div>'
-				// Possible messages:
-				// ext-uls-webfonts-select-for-ui-info
-				// ext-uls-webfonts-select-for-content-info
-				+ $.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' )
-				+ '</div>'
-			);
+			$fontLabel.append( $( '<strong>' ).text(
+				$.i18n( 'ext-uls-webfonts-select-for', $.uls.data.getAutonym( language ) ) ) );
+
+			// Possible messages:
+			// ext-uls-webfonts-select-for-ui-info
+			// ext-uls-webfonts-select-for-content-info
+			$fontLabel.append( $( '<div>' ).text(
+				$.i18n( 'ext-uls-webfonts-select-for-' + target + '-info' ) ) );
 		},

 		/**