mirror_css/bootstrap
1
0
Fork 0
mirror of https://github.com/twbs/bootstrap.git synced 2025-02-25 12:22:50 +01:00
Code Issues Releases Wiki Activity

fix(tooltip): xss in container option

Browse Source
This commit is contained in:
Johann-S 2018-05-30 09:41:05 +02:00
parent e3084c3842
commit 2d90d369bb
2 changed files with 34 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
js/src/tooltip.js
View File

@ -273,7 +273,7 @@ const Tooltip = (($) => {
const attachment = this._getAttachment(placement) const attachment = this._getAttachment(placement)
this.addAttachmentClass(attachment) this.addAttachmentClass(attachment)
const container = this.config.container === false ? document.body : $(this.config.container) const container = this.config.container === false ? document.body : $(document).find(this.config.container)
$(tip).data(this.constructor.DATA_KEY, this) $(tip).data(this.constructor.DATA_KEY, this)

53
js/tests/visual/tooltip.html
View File

@ -27,27 +27,40 @@
<hr> <hr>
<p> <div class="row">
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto"> <p>
Tooltip on auto <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="auto" title="Tooltip on auto">
</button> Tooltip on auto
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top"> </button>
Tooltip on top <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="Tooltip on top">
</button> Tooltip on top
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right"> </button>
Tooltip on right <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="right" title="Tooltip on right">
</button> Tooltip on right
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom"> </button>
Tooltip on bottom <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="bottom" title="Tooltip on bottom">
</button> Tooltip on bottom
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left"> </button>
Tooltip on left <button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip on left">
</button> Tooltip on left
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>"> </button>
Tooltip with HTML </p>
</button> </div>
</p> <div class="row">
<p>
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with XSS" data-container="<img src=1 onerror=alert(123) />">
Tooltip with XSS
</button>
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-placement="left" title="Tooltip with container" data-container="#customContainer">
Tooltip with container
</button>
<button type="button" class="btn btn-secondary" data-toggle="tooltip" data-html="true" title="<em>Tooltip</em> <u>with</u> <b>HTML</b>">
Tooltip with HTML
</button>
</p>
</div>
<div id="target" title="Test tooltip on transformed element"></div> <div id="target" title="Test tooltip on transformed element"></div>
<div id="customContainer"></div>
</div> </div>
<script src="../../../assets/js/vendor/jquery-slim.min.js"></script> <script src="../../../assets/js/vendor/jquery-slim.min.js"></script>