Fix/xss issues on data attributes (#27047)

* fix(collapse): xss CVE-2018-14040 Fixes #26625 * fix(tooltip): xss CVE-2018-14042 Fixes #26628 * fix(tooltip): XSS on data-viewport attribute Fixes #27044 * fix(affix): XSS on target config Fixes #27045
2026-06-11 18:02:28 +03:00 · 2018-08-13 18:09:18 +02:00
parent 13bf8aeae3
commit 2a5ba23ce8
6 changed files with 49 additions and 4 deletions
@@ -16,7 +16,9 @@
  var Affix = function (element, options) {
    this.options = $.extend({}, Affix.DEFAULTS, options)

-    this.$target = $(this.options.target)
+    var target = this.options.target === Affix.DEFAULTS.target ? $(this.options.target) : $(document).find(this.options.target)
+
+    this.$target = target
      .on('scroll.bs.affix.data-api', $.proxy(this.checkPosition, this))
      .on('click.bs.affix.data-api',  $.proxy(this.checkPositionWithEventLoop, this))