fix(tooltip): xss in container option

2025-02-25 12:22:50 +01:00 · 2018-05-30 09:41:05 +02:00 · 2018-05-30 09:41:05 +02:00 · 2d90d369bb
commit 2d90d369bb
parent e3084c3842
2 changed files with 34 additions and 21 deletions
--- a/js/src/tooltip.js
+++ b/js/src/tooltip.js
@ -273,7 +273,7 @@ const Tooltip = (($) => {
        const attachment = this._getAttachment(placement)
        this.addAttachmentClass(attachment)
-        const container = this.config.container === false ? document.body : $(this.config.container)
+        const container = this.config.container === false ? document.body : $(document).find(this.config.container)
        $(tip).data(this.constructor.DATA_KEY, this)
--- a/js/tests/visual/tooltip.html
+++ b/js/tests/visual/tooltip.html
@ -27,27 +27,40 @@
      <hr>
-      <p>
+      <div class="row">
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto">
+        <p>
-          Tooltip on auto
+          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto">
-        </button>
+            Tooltip on auto
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top">
+          </button>
-          Tooltip on top
+          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top">
-        </button>
+            Tooltip on top
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right">
+          </button>
-          Tooltip on right
+          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right">
-        </button>
+            Tooltip on right
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">
+          </button>
-          Tooltip on bottom
+          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">
-        </button>
+            Tooltip on bottom
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left">
+          </button>
-          Tooltip on left
+          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left">
-        </button>
+            Tooltip on left
-        <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>">
+          </button>
-          Tooltip with HTML
+        </p>
-        </button>
+      </div>
-      </p>
+      <div class="row">
        <p>
          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with XSS" data-container="<img src=1 onerror=alert(123) />">
            Tooltip with XSS
          </button>
          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with container" data-container="#customContainer">
            Tooltip with container
          </button>
          <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>">
            Tooltip with HTML
          </button>
        </p>
      </div>
      <div id="target" title="Test tooltip on transformed element"></div>
      <div id="customContainer"></div>
    </div>
    <script src="../../../assets/js/vendor/jquery-slim.min.js"></script>