diff options
| author | Madhura Jayaratne <madhura.cj@gmail.com> | 2012-08-12 05:10:36 +0400 |
|---|---|---|
| committer | Madhura Jayaratne <madhura.cj@gmail.com> | 2012-08-12 05:10:36 +0400 |
| commit | d56335691cf1c1d8be3453904a885038da0a8c93 (patch) | |
| tree | c587841ac35170166517a6a92110ecbd73b72724 /js/tbl_gis_visualization.js | |
| parent | 1aec25f5f2163029da51da39a1d13dcb20fb00ea (diff) | |
[security] Properly escape content of tooltips in GIS visualization
Diffstat (limited to 'js/tbl_gis_visualization.js')
| -rw-r--r-- | js/tbl_gis_visualization.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/js/tbl_gis_visualization.js b/js/tbl_gis_visualization.js index 3000e883c0..38722a474e 100644 --- a/js/tbl_gis_visualization.js +++ b/js/tbl_gis_visualization.js @@ -297,7 +297,7 @@ $(document).ready(function() { */ $('.polygon, .multipolygon, .point, .multipoint, .linestring, .multilinestring, ' + '.geometrycollection').live('mousemove', function(event) { - contents = $.trim($(this).attr('name')); + contents = $.trim(escapeHtml($(this).attr('name'))); $("#tooltip").remove(); if (contents != '') { $('<div id="tooltip">' + contents + '</div>').css({ |