diff options
author | Stefan Giehl <stefan@matomo.org> | 2020-03-24 11:14:51 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-24 11:14:51 +0300 |
commit | dc45e00e44ba2ef1dcb9628ee706b871fc242d0f (patch) | |
tree | 69fff8408a08d026f4897706b01264746f4dddc3 /plugins/CoreHome/javascripts | |
parent | a02376ecf678a9c1678bc9083a2aea69d4842f7d (diff) |
Regenerates Omnifixture (#15520)
* updates Omnifixture
* fix some namespaces
* updates some outdated urls
* use correct method
* update expected UI files
* ensure popover param is not sanitized
* try to fix one click update ui test until 4.x stable release
* fix jstracker ui test
* set now timestamp for realtime test
* replace some changing ids to avoid changes on omnifixture update
* ui files
Diffstat (limited to 'plugins/CoreHome/javascripts')
-rw-r--r-- | plugins/CoreHome/javascripts/broadcast.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js index 481e8d6232..72f984d6f5 100644 --- a/plugins/CoreHome/javascripts/broadcast.js +++ b/plugins/CoreHome/javascripts/broadcast.js @@ -804,8 +804,8 @@ var broadcast = { var value = url.substring(startPos + lookFor.length, endStr); // we sanitize values to add a protection layer against XSS - // &segment= value is not sanitized, since segments are designed to accept any user input - if(param != 'segment') { + // &segment= (and &popover=) value is not sanitized, since segments are designed to accept any user input + if(param != 'segment' && param != 'popover') { value = value.replace(/[^_%~\*\+\-\<\>!@\$\.()=,;0-9a-zA-Z]/gi, ''); } return value; |