xss fix, thx @chc4@quitter.se
This commit is contained in:
parent
60acc52638
commit
c60d1101f9
|
@ -1882,7 +1882,8 @@ function loadHistoryFromLocalStorage() {
|
||||||
$('#history-container').css('display','block');
|
$('#history-container').css('display','block');
|
||||||
$('#history-container').html('');
|
$('#history-container').html('');
|
||||||
$.each(cacheData, function(key,obj) {
|
$.each(cacheData, function(key,obj) {
|
||||||
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + obj.dataStreamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>');
|
var streamHeader = replaceHtmlSpecialChars(obj.dataStreamHeader); // because we're pulling the header with jQuery.text() before saving in localstorage, which unescapes our escaped html
|
||||||
|
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + streamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>');
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
updateHistoryLocalStorage();
|
updateHistoryLocalStorage();
|
||||||
|
|
Loading…
Reference in New Issue
Block a user