diff options
| author | Jacob Thornton <jacobthornton@gmail.com> | 2012-06-03 04:55:10 +0400 |
|---|---|---|
| committer | Jacob Thornton <jacobthornton@gmail.com> | 2012-06-03 04:55:10 +0400 |
| commit | f836473129819c2e348f821ed268451b9b8bf2e4 (patch) | |
| tree | 5acd7d92391310068375ab10145d3cb8194a1868 /docs/assets/js/bootstrap-tooltip.js | |
| parent | fc96bc8bba0687fb5845bffc72eb048535583499 (diff) | |
add html option back to tooltip and popover to explicitly prevent XSS #3421
Diffstat (limited to 'docs/assets/js/bootstrap-tooltip.js')
| -rw-r--r-- | docs/assets/js/bootstrap-tooltip.js | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/docs/assets/js/bootstrap-tooltip.js b/docs/assets/js/bootstrap-tooltip.js index b476f1c4e6..f5f9fad3f4 100644 --- a/docs/assets/js/bootstrap-tooltip.js +++ b/docs/assets/js/bootstrap-tooltip.js @@ -148,20 +148,11 @@ } } - , isHTML: function(text) { - // html string detection logic adapted from jQuery - return typeof text != 'string' - || ( text.charAt(0) === "<" - && text.charAt( text.length - 1 ) === ">" - && text.length >= 3 - ) || /^(?:[^<]*<[\w\W]+>[^>]*$)/.exec(text) - } - , setContent: function () { var $tip = this.tip() , title = this.getTitle() - $tip.find('.tooltip-inner')[this.isHTML(title) ? 'html' : 'text'](title) + $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title) $tip.removeClass('fade in top bottom left right') } @@ -270,6 +261,7 @@ , trigger: 'hover' , title: '' , delay: 0 + , html: true } }(window.jQuery); |