diff options
author | Jacob Thornton <jacobthornton@gmail.com> | 2012-09-25 10:15:36 +0400 |
---|---|---|
committer | Jacob Thornton <jacobthornton@gmail.com> | 2012-09-25 10:15:36 +0400 |
commit | 003fcccceb869ac0420d542bac9860f5f32e68a1 (patch) | |
tree | 794e2ccf4d8e2431cf0696900d1ff63b22cb0b7a /js | |
parent | ebf94c53a5497ff6d2aa353027d3a2ac3b67b18a (diff) |
change tooltip/popover html default to false for xss safety net
Diffstat (limited to 'js')
-rw-r--r-- | js/bootstrap-tooltip.js | 2 | ||||
-rw-r--r-- | js/tests/unit/bootstrap-tooltip.js | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/js/bootstrap-tooltip.js b/js/bootstrap-tooltip.js index 78dddbeade..5657204762 100644 --- a/js/bootstrap-tooltip.js +++ b/js/bootstrap-tooltip.js @@ -269,7 +269,7 @@ , trigger: 'hover' , title: '' , delay: 0 - , html: true + , html: false } }(window.jQuery); diff --git a/js/tests/unit/bootstrap-tooltip.js b/js/tests/unit/bootstrap-tooltip.js index 14d6b22745..964ba1ef26 100644 --- a/js/tests/unit/bootstrap-tooltip.js +++ b/js/tests/unit/bootstrap-tooltip.js @@ -37,10 +37,11 @@ $(function () { tooltip.tooltip('hide') }) - test("should always allow html entities", function () { + test("should allow html entities", function () { $.support.transition = false var tooltip = $('<a href="#" rel="tooltip" title="<b>@fat</b>"></a>') .appendTo('#qunit-fixture') + .tooltip({html: true}) .tooltip('show') ok($('.tooltip b').length, 'b tag was inserted') |