From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/js/tiny_mce/themes/advanced/js/link.js | 12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/program/js/tiny_mce/themes/advanced/js/link.js b/program/js/tiny_mce/themes/advanced/js/link.js
index 53ff409..8c1d73c 100644
--- a/program/js/tiny_mce/themes/advanced/js/link.js
+++ b/program/js/tiny_mce/themes/advanced/js/link.js
@@ -68,10 +68,16 @@
 } else {
 ed.dom.setAttribs(e, {
 href : href,
- title : f.linktitle.value,
- target : f.target_list ? getSelectValue(f, "target_list") : null,
- 'class' : f.class_list ? getSelectValue(f, "class_list") : null
+ title : f.linktitle.value
 });
+
+ if (f.target_list) {
+ ed.dom.setAttrib(e, 'target', getSelectValue(f, "target_list"));
+ }
+
+ if (f.class_list) {
+ ed.dom.setAttrib(e, 'class', getSelectValue(f, "class_list"));
+ }
 }
 
 // Don't move caret if selection was image
-- Gitblit v1.9.1
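Review bot: The subject announces a fix for the `_session` argument of utils/save-prefs, but the only hunk in this patch edits the link dialog of the bundled TinyMCE theme, and nothing in it touches session or preference handling. Someone auditing or backporting the security fix cannot confirm it from this patch: either the server-side change sits in a part of the commit this view omits (the diffstat lists one file), or the message needs correcting. What the hunk does change is that `target` and `class` are no longer written when the form has no `target_list` / `class_list`, where the old code passed `null` to `setAttribs`. That deserves its own line in the description and a comment above the first new `if`, for example `// local change to bundled TinyMCE: only set target/class when the dialog offers the list`, so the edit is not lost when the editor is upgraded. The enclosing function starts and ends outside the hunk.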