Regenerates Omnifixture (#15520)

* updates Omnifixture * fix some namespaces * updates some outdated urls * use correct method * update expected UI files * ensure popover param is not sanitized * try to fix one click update ui test until 4.x stable release * fix jstracker ui test * set now timestamp for realtime test * replace some changing ids to avoid changes on omnifixture update * ui files
author: Stefan Giehl <stefan@matomo.org> 2020-03-24 11:14:51 +0300
committer: GitHub <noreply@github.com> 2020-03-24 11:14:51 +0300
commit: dc45e00e44ba2ef1dcb9628ee706b871fc242d0f (patch)
tree: 69fff8408a08d026f4897706b01264746f4dddc3 /plugins/CoreHome/javascripts
parent: a02376ecf678a9c1678bc9083a2aea69d4842f7d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js
index 481e8d6232..72f984d6f5 100644
--- a/plugins/CoreHome/javascripts/broadcast.js
+++ b/plugins/CoreHome/javascripts/broadcast.js
@@ -804,8 +804,8 @@ var broadcast = {
             var value = url.substring(startPos + lookFor.length, endStr);
 
             // we sanitize values to add a protection layer against XSS
-            // &segment= value is not sanitized, since segments are designed to accept any user input
-            if(param != 'segment') {
+            // &segment= (and &popover=) value is not sanitized, since segments are designed to accept any user input
+            if(param != 'segment' && param != 'popover') {
                 value = value.replace(/[^_%~\*\+\-\<\>!@\$\.()=,;0-9a-zA-Z]/gi, '');
             }
             return value;
author	Stefan Giehl <stefan@matomo.org>	2020-03-24 11:14:51 +0300
committer	GitHub <noreply@github.com>	2020-03-24 11:14:51 +0300
commit	dc45e00e44ba2ef1dcb9628ee706b871fc242d0f (patch)
tree	69fff8408a08d026f4897706b01264746f4dddc3 /plugins/CoreHome/javascripts
parent	a02376ecf678a9c1678bc9083a2aea69d4842f7d (diff)