bryce/mediawiki-extensions-UniversalLanguageSelector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use Unicode '\u00A0' instead of HTML ' '

Browse Source 
The .html() can replaced by .text() which avoids a possible JavaScript
injection by a malicious message.

Change-Id: Iffdf13299db6fb4ccd8a35b9df4c2f235646ea9d
This commit is contained in:
Fomafix
2023-04-24 09:43:39 +00:00
parent 29dfbbdd72
commit 69ddc959ac
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
resources/js/ext.uls.displaysettings.js
View File

@@ -199,8 +199,7 @@
$( '<p>' ).append( $( '<p>' ).append(
$( '<span>' ) $( '<span>' )
.addClass( 'uls-display-settings-anon-label' ) .addClass( 'uls-display-settings-anon-label' )
// .html() is needed for correct parsing of the nbsp .text( $.i18n( 'ext-uls-display-settings-anon-label' ) + '\u00A0' ),
.html( $.i18n( 'ext-uls-display-settings-anon-label' ) + '&#160;' ),
$( '<span>' ) $( '<span>' )
.text( $.i18n( 'ext-uls-display-settings-anon-same-as-content', autonym ) ) .text( $.i18n( 'ext-uls-display-settings-anon-same-as-content', autonym ) )
), ),