diff options
author | Aleksander Machniak <alec@alec.pl> | 2014-04-14 15:07:12 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-04-14 15:07:47 +0200 |
commit | fd309c365005d1dfee102fea1accb36c29788a0b (patch) | |
tree | 20869f0fac88ac7667592748a365683cb46f03fe | |
parent | f4bd85b8d0414f16e90f0e8ceaf0cc031df68f59 (diff) |
Fix XSS issue in plain text spellchecker (#1489806)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/js/googiespell.js | 9 |
2 files changed, 6 insertions, 4 deletions
@@ -7,6 +7,7 @@ CHANGELOG Roundcube Webmail - Fix unintentional redirect from compose page in Webkit browsers (#1489789) - Fix messages index cache update under some conditions (e.g. proxy) (#1489756) - Fix lack of translation of special folders in some configurations (#1489799) +- Fix XSS issue in plain text spellchecker (#1489806) RELEASE 1.0.0 ------------- diff --git a/program/js/googiespell.js b/program/js/googiespell.js index 9832116dd..c33c56872 100644 --- a/program/js/googiespell.js +++ b/program/js/googiespell.js @@ -524,7 +524,7 @@ this.showErrorWindow = function(elm, id) $(dummy).html(suggestions[i]); $(item).mouseover(this.item_onmouseover).mouseout(this.item_onmouseout) - .click(function(e) { ref.correctError(id, elm, e.target.firstChild) }); + .click(function(e) { ref.correctError(id, elm, e.target.firstChild) }); item.appendChild(dummy); row.appendChild(item); @@ -565,14 +565,15 @@ this.showErrorWindow = function(elm, id) ref.saveOldValue(elm, elm.innerHTML); ref.updateOrginalText(offset, elm.innerHTML, edit_input.value, id); - $(elm).attr('is_corrected', true).css('color', 'green').html(edit_input.value); + $(elm).attr('is_corrected', true).css('color', 'green').text(edit_input.value); ref.hideErrorWindow(); } return false; }; - $(edit_input).width(120).css({'margin': 0, 'padding': 0}); - $(edit_input).val(elm.innerHTML).attr('googie_action_btn', '1'); + $(edit_input).width(120) + .css({'margin': 0, 'padding': 0}) + .val($(elm).text()).attr('googie_action_btn', '1'); $(edit).css('cursor', 'default').attr('googie_action_btn', '1'); $(ok_pic).attr('src', this.img_dir + 'ok.gif') |