diff options
Diffstat (limited to 'plugins/CoreHome/javascripts/broadcast.js')
| -rw-r--r-- | plugins/CoreHome/javascripts/broadcast.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js index 6781e7cfe3..cbee7347e2 100644 --- a/plugins/CoreHome/javascripts/broadcast.js +++ b/plugins/CoreHome/javascripts/broadcast.js @@ -804,8 +804,8 @@ var broadcast = { var value = url.substring(startPos + lookFor.length, endStr); // we sanitize values to add a protection layer against XSS - // &segment= value is not sanitized, since segments are designed to accept any user input - if(param != 'segment') { + // parameters 'segment', 'popover' and 'compareSegments' are not sanitized, since segments are designed to accept any user input + if(param != 'segment' && param != 'popover' && param != 'compareSegments') { value = value.replace(/[^_%~\*\+\-\<\>!@\$\.()=,;0-9a-zA-Z]/gi, ''); } return value; |