SECURITY: prevents XSS when showing tooltip

Joffrey JAFFEUX 2018-06-27 14:35:47 +02:00
parent 612bc4f95b
commit aafd883466


@ -1,10 +1,15 @@
import { escapeExpression } from "discourse/lib/utilities";
export function showTooltip() {
const fadeSpeed = 300;
const tooltipID = "#discourse-tooltip";
const $this = $(this);
const $parent = $this.offsetParent();
const content = $this.attr("data-tooltip");
const retina = window.devicePixelRatio && window.devicePixelRatio > 1 ? "class='retina'" : "";
const content = escapeExpression($this.attr("data-tooltip"));
const retina =
window.devicePixelRatio && window.devicePixelRatio > 1
? "class='retina'"
: "";
let pos = $this.offset();
const delta = $parent.offset();