Commit 01afaad8 authored by Simon Coggins's avatar Simon Coggins Committed by Robert Lyon
Browse files

XSS in page content editor (Bug #1375092)



See bug for testing instructions

Change-Id: I05cc9c20399bdc6ad138a791e5318bc0fcdc7f0f
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent d02d83b3
......@@ -521,7 +521,7 @@
var element = $('#column-container > .row').eq(parseInt(position[0]) - 1).find('.column').eq(parseInt(position[1]) - 1);
var options = [get_string('blockordertop')];
element.find('.column-content .blockinstance .blockinstance-header').each(function() {
options.push(get_string('blockorderafter', $(this).find('h2.title').text()));
options.push(get_string('blockorderafter', $(this).find('h2.title').html()));
});
var selectbox = $('#addblock_position');
selectbox.html('<option>' + options.join('</option><option>') + '</option>');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment