
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authordiosmosis <benaka@piwik.pro>2015-06-26 19:54:54 +0300
committerdiosmosis <benaka@piwik.pro>2015-06-26 19:54:54 +0300
commitd6f33d44a9a00eab6006ff6b84cd840120ad9cfb (patch)
tree79a8ce838fcbf98cbf1ac20c2c8470fb0f197583 /plugins/CoreVisualizations
parent5bafeac26e9ff41f88d021e5c8b80be5401d2873 (diff)
Make sure series names and metric names are escaped before being displayed in evolution graph tooltips.
Diffstat (limited to 'plugins/CoreVisualizations')
-rw-r--r--plugins/CoreVisualizations/javascripts/jqplotEvolutionGraph.js6
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/CoreVisualizations/javascripts/jqplotEvolutionGraph.js b/plugins/CoreVisualizations/javascripts/jqplotEvolutionGraph.js
index fbcb55d03e..3b62e9197e 100644
--- a/plugins/CoreVisualizations/javascripts/jqplotEvolutionGraph.js
+++ b/plugins/CoreVisualizations/javascripts/jqplotEvolutionGraph.js
@@ -135,12 +135,14 @@
for (var d = 0; d < self.data.length; d++) {
var value = self.formatY(self.data[d][tick], d);
var series = self.jqplotParams.series[d].label;
- text.push('<strong>' + value + '</strong> ' + series);
+ text.push('<strong>' + value + '</strong> ' + piwikHelper.htmlEntities(series));
}
+ var content = '<h3>'+piwikHelper.htmlEntities(label)+'</h3>'+text.join('<br />');
+
$(this).tooltip({
track: true,
items: 'div',
- content: '<h3>'+label+'</h3>'+text.join('<br />'),
+ content: content,
show: false,
hide: false
}).trigger('mouseover');
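Review bot: `value` is still concatenated into the tooltip HTML unescaped on the `text.push(...)` line, while `series` and `label` now go through `piwikHelper.htmlEntities`. `self.formatY` is not visible in this hunk, so it cannot be confirmed here that its output is always a plain formatted number rather than something carrying a configurable unit or symbol; if it can carry such text, escape it the same way: `text.push('<strong>' + piwikHelper.htmlEntities(value) + '</strong> ' + piwikHelper.htmlEntities(series));`. If formatY is instead guaranteed to return safe markup, a comment above that line such as `// formatY() returns trusted markup; only series and label need escaping here` would record the assumption for the next editor. The enclosing function begins and ends outside the hunk.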