dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: jquery.makeCollapsible: Escape user-generated CSS selectors
[lhc/web/wiklou.git] / resources / src / jquery / jquery.makeCollapsible.js
diff --git a/resources/src/jquery/jquery.makeCollapsible.js b/resources/src/jquery/jquery.makeCollapsible.js
index 1f40e0a..a433497 100644 (file)
--- a/resources/src/jquery/jquery.makeCollapsible.js
+++ b/resources/src/jquery/jquery.makeCollapsible.js
@@ -279,6 +279,7 @@
                        } else {
                                collapsibleId = $collapsible.attr( 'id' ) || '';
                                if ( collapsibleId.indexOf( 'mw-customcollapsible-' ) === 0 ) {
+                                       collapsibleId = $.escapeSelector( collapsibleId );
                                        $customTogglers = $( '.' + collapsibleId.replace( 'mw-customcollapsible', 'mw-customtoggle' ) )
                                                .addClass( 'mw-customtoggle' );
                                }
Wiklou, le Wiki du Wiklou