xss fix, thx @chc4@quitter.se

Hannes Mannerheim 2016-02-07 02:23:50 +01:00
parent 60acc52638
commit c60d1101f9


@ -1882,7 +1882,8 @@ function loadHistoryFromLocalStorage() {
$('#history-container').css('display','block'); $('#history-container').css('display','block');
$('#history-container').html(''); $('#history-container').html('');
$.each(cacheData, function(key,obj) { $.each(cacheData, function(key,obj) {
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + obj.dataStreamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>'); var streamHeader = replaceHtmlSpecialChars(obj.dataStreamHeader); // because we're pulling the header with jQuery.text() before saving in localstorage, which unescapes our escaped html
$('#history-container').append('<a class="stream-selection" href="' + obj.dataStreamHref + '">' + streamHeader + '<i class="chev-right" data-tooltip="' + window.sL.tooltipBookmarkStream + '"></i></a>');
}); });
} }
updateHistoryLocalStorage(); updateHistoryLocalStorage();
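Review bot: `obj.dataStreamHref` is still concatenated unescaped into the `href="…"` attribute on the new append line, so this fix covers only the link text. Both fields come from the same cached entry, so if the header could carry markup, the href can presumably carry a `"` or a `javascript:` URL as well; whether `replaceHtmlSpecialChars` escapes quotes is not visible here, so reusing it for the attribute may not be enough. Building the node instead of a string avoids both problems: `var a = $('<a class="stream-selection"></a>').attr('href', obj.dataStreamHref).text(obj.dataStreamHeader);` then `a.append($('<i class="chev-right"></i>').attr('data-tooltip', window.sL.tooltipBookmarkStream)); $('#history-container').append(a);`, with a check that the href is relative or http(s) before it is set. `loadHistoryFromLocalStorage` starts above the hunk, so how `cacheData` is read and parsed is not shown.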