From eb0dec96134916284c5caeb57d1ad23ff67d6264 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 14 Apr 2014 09:07:12 -0400
Subject: [PATCH] Fix XSS issue in plain text spellchecker (#1489806)

---
 CHANGELOG                 |    1 +
 program/js/googiespell.js |    9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 150d380..a32aeab 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,7 @@
 - Fix unintentional redirect from compose page in Webkit browsers (#1489789)
 - Fix messages index cache update under some conditions (e.g. proxy) (#1489756)
 - Fix lack of translation of special folders in some configurations (#1489799)
+- Fix XSS issue in plain text spellchecker (#1489806)
 
 RELEASE 1.0.0
 -------------
diff --git a/program/js/googiespell.js b/program/js/googiespell.js
index 9832116..c33c568 100644
--- a/program/js/googiespell.js
+++ b/program/js/googiespell.js
@@ -524,7 +524,7 @@
             $(dummy).html(suggestions[i]);
 
             $(item).mouseover(this.item_onmouseover).mouseout(this.item_onmouseout)
-        	    .click(function(e) { ref.correctError(id, elm, e.target.firstChild) });
+              .click(function(e) { ref.correctError(id, elm, e.target.firstChild) });
 
             item.appendChild(dummy);
             row.appendChild(item);
@@ -565,14 +565,15 @@
                     ref.saveOldValue(elm, elm.innerHTML);
 
                 ref.updateOrginalText(offset, elm.innerHTML, edit_input.value, id);
-                $(elm).attr('is_corrected', true).css('color', 'green').html(edit_input.value);
+                $(elm).attr('is_corrected', true).css('color', 'green').text(edit_input.value);
                 ref.hideErrorWindow();
             }
             return false;
         };
 
-        $(edit_input).width(120).css({'margin': 0, 'padding': 0});
-        $(edit_input).val(elm.innerHTML).attr('googie_action_btn', '1');
+        $(edit_input).width(120)
+          .css({'margin': 0, 'padding': 0})
+          .val($(elm).text()).attr('googie_action_btn', '1');
         $(edit).css('cursor', 'default').attr('googie_action_btn', '1');
 
         $(ok_pic).attr('src', this.img_dir + 'ok.gif')
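Review bot: The old value passed to `ref.updateOrginalText(offset, elm.innerHTML, edit_input.value, id)` and to `ref.saveOldValue(elm, elm.innerHTML)` is still read from `innerHTML`, while the corrected word is now written back with `.text(edit_input.value)`; once a correction containing `<`, `>` or `&` has been applied, `elm.innerHTML` holds the entity-escaped form, so a second edit of the same word would presumably hand an escaped string to updateOrginalText that no longer matches the plain text it is meant to replace. Reading it the way the edit box now does keeps both sides consistent: `ref.saveOldValue(elm, $(elm).text());` and `ref.updateOrginalText(offset, $(elm).text(), edit_input.value, id);`. Whether updateOrginalText compares against raw text or markup is not visible in this hunk and is worth confirming before changing those two lines. The earlier hunk's context line `$(dummy).html(suggestions[i]);` still inserts server-supplied suggestion strings as HTML; if they are plain words, `.text()` there would be consistent with this fix. The enclosing function starts before the hunk and continues past `$(ok_pic).attr(...)`.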

--
Gitblit v1.9.1