lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 01:54:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

we still need to pull https://github.com/dragonofmercy/Tokenize2/pull/51 to prevent escaping issues, closes https://github.com/opnsense/core/issues/3145

Browse Source
This commit is contained in:
Ad Schellevis 2019-01-23 11:54:35 +01:00
parent aec3515cee
commit 49244f4771
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/opnsense/www/js/tokenize2.js
View File

@ -238,7 +238,7 @@
if(this.options.sortable){
var previous, current, data = this.tokensContainer.tokenize2sortable('serialize').get(0);
$.each(data, $.proxy(function(k, v){
current = $('option[value="' + v.value + '"]', this.element);
current = $('option[value="' + $.escapeSelector(v.value) + '"]', this.element);
if(previous === undefined){
current.prependTo(this.element);
} else {
@ -294,13 +294,13 @@
}
// Check duplicate token
if($('li.token[data-value="' + value + '"]', this.tokensContainer).length > 0){
if($('li.token[data-value="' + $.escapeSelector(value) + '"]', this.tokensContainer).length > 0){
this.trigger('tokenize:tokens:error:duplicate', [value, text]);
return this;
}
if($('option[value="' + value + '"]', this.element).length) {
$('option[value="' + value + '"]', this.element).attr('selected', 'selected').prop('selected', true);
if($('option[value="' + $.escapeSelector(value) + '"]', this.element).length) {
$('option[value="' + $.escapeSelector(value) + '"]', this.element).attr('selected', 'selected').prop('selected', true);
} else if(force){
this.element.append($('<option selected />').val(value).html(text));
} else if(this.options.tokensAllowCustom){
@ -333,8 +333,7 @@
* @returns {Tokenize2}
*/
Tokenize2.prototype.tokenRemove = function(v){
var $item = $('option[value="' + v + '"]', this.element);
var $item = $('option[value="' + $.escapeSelector(v) + '"]', this.element);
if($item.attr('data-type') === 'custom'){
$item.remove();
@ -342,7 +341,7 @@
$item.removeAttr('selected').prop('selected', false);
}
$('li.token[data-value="' + v + '"]', this.tokensContainer).remove();
$('li.token[data-value="' + $.escapeSelector(v) + '"]', this.tokensContainer).remove();
this.trigger('tokenize:tokens:reorder');
return this;