author | Stefan Giehl <stefan@matomo.org> | 2020-04-14 09:41:13 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-14 09:41:13 +0300 |
commit | 0dda303ffe1090ee1f12eb2ef320c142f7f6737f (patch) | |
tree | f0fa79eb987a463f6b09d2af8ea45754349622e0 /plugins/CoreHome | |
parent | a4e60ad0e7e10ad2bbbd7bd9f2e4e04dbdd5b3e1 (diff) |
Fix problem when comparing segments or opening popovers (#15809)
refs #15805
Diffstat (limited to 'plugins/CoreHome')
-rw-r--r-- | plugins/CoreHome/javascripts/broadcast.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js
index 6781e7cfe3..cbee7347e2 100644
--- a/plugins/CoreHome/javascripts/broadcast.js
+++ b/plugins/CoreHome/javascripts/broadcast.js
@@ -804,8 +804,8 @@ var broadcast = {
 var value = url.substring(startPos + lookFor.length, endStr);
 // we sanitize values to add a protection layer against XSS
- // &segment= value is not sanitized, since segments are designed to accept any user input
- if(param != 'segment') {
+ // parameters 'segment', 'popover' and 'compareSegments' are not sanitized, since segments are designed to accept any user input
+ if(param != 'segment' && param != 'popover' && param != 'compareSegments') {
 value = value.replace(/[^_%~\*\+\-\<\>!@\$\.()=,;0-9a-zA-Z]/gi, '');
 }
 return value; |
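Review bot: The widened condition now returns `popover` and `compareSegments` values without the character allowlist, yet the updated comment still justifies the exemption only by segments accepting arbitrary input, which does not explain `popover`. Because this filter is described as a protection layer against XSS, every consumer of these three parameters has to treat the returned value as untrusted and encode it at the point of output; those consumers are not visible in the hunk, so this should be confirmed before merging. I would record that contract in the comment, e.g. `// 'segment', 'popover' and 'compareSegments' are returned unsanitized; callers must escape them before inserting into HTML or building URLs`. As a style point, collecting the exemptions in one place with strict comparison, such as `if (['segment', 'popover', 'compareSegments'].indexOf(param) === -1) {`, would make later additions easier to audit. The enclosing function starts and ends outside the hunk.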