Diffstat (limited to 'plugins/CoreHome/javascripts')
-rw-r--r-- | plugins/CoreHome/javascripts/broadcast.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js
index 481e8d6232..72f984d6f5 100644
--- a/plugins/CoreHome/javascripts/broadcast.js
+++ b/plugins/CoreHome/javascripts/broadcast.js
@@ -804,8 +804,8 @@ var broadcast = {
 var value = url.substring(startPos + lookFor.length, endStr);
 // we sanitize values to add a protection layer against XSS
-// &segment= value is not sanitized, since segments are designed to accept any user input
-if(param != 'segment') {
+// &segment= (and &popover=) value is not sanitized, since segments are designed to accept any user input
+if(param != 'segment' && param != 'popover') {
 value = value.replace(/[^_%~\*\+\-\<\>!@\$\.()=,;0-9a-zA-Z]/gi, '');
 }
 return value; |
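Review bot: Exempting `popover` from the character whitelist on the added `if` line removes, for a second URL-derived value, the XSS protection layer that the preceding comment describes, and the rationale kept in the updated comment ("segments are designed to accept any user input") explains segments but says nothing about why popover must bypass it. Unless every consumer of the popover value is known to treat it as text (DOM insertion through `textContent` / jQuery `.text()` or an escaping template), this widens the unsanitized surface; that is not visible from this hunk, so it should be stated where the exemption is made. If popover only needs a few extra characters, the narrower change is to extend the allowed set for that parameter rather than skipping sanitization entirely, and the comment should name who escapes it, e.g. `// &popover= is left raw because <CONSUMER — fill in> escapes it before rendering — TODO confirm`. The comparisons should also use strict inequality, `if (param !== 'segment' && param !== 'popover') {`. The enclosing function starts and ends outside the hunk.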