From 149096016f70fd815540d62c0989fd99cdc809e0 Mon Sep 17 00:00:00 2001
From: Johann-S
Date: Wed, 30 May 2018 09:46:50 +0200
Subject: [PATCH] fix(collapse): xss in parent option
---
 js/src/collapse.js | 2 +-
 js/tests/visual/collapse.html | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/js/src/collapse.js b/js/src/collapse.js
index a756542273fb..2c48cf545205 100644
--- a/js/src/collapse.js
+++ b/js/src/collapse.js
@@ -289,7 +289,7 @@ const Collapse = (($) => {
 parent = this._config.parent[0]
 }
 } else {
- parent = $(this._config.parent)[0]
+ parent = document.querySelector(this._config.parent)
 }
 const selector =
diff --git a/js/tests/visual/collapse.html b/js/tests/visual/collapse.html
index 3005920957de..24698d764f12 100644
--- a/js/tests/visual/collapse.html
+++ b/js/tests/visual/collapse.html
@@ -54,6 +54,20 @@
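Review bot: The replacement line in the `else` branch of js/src/collapse.js carries no comment saying why `document.querySelector` is used instead of `$()`, so a later cleanup could swap it back and reintroduce the XSS. I would add `// querySelector only: $() would parse an HTML-looking parent string into DOM nodes (XSS)` directly above it. Note also that `document.querySelector` throws a `SyntaxError` for a string that is not a valid selector, so a markup-like `parent` value now raises out of this function instead of building elements; the function starts and ends outside the hunk, so whether any caller handles that is not visible here. The commit adds only a visual test page, so an automated test that passes markup as `parent` and asserts that no element is created would pin the fix.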
+
+ +
+
+ Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor, sunt aliqua put a bird on it squid single-origin coffee nulla assumenda shoreditch et. Nihil anim keffiyeh helvetica, craft beer labore wes anderson cred nesciunt sapiente ea proident. Ad vegan excepteur butcher vice lomo. Leggings occaecat craft beer farm-to-table, raw denim aesthetic synth nesciunt you probably haven't heard of them accusamus labore sustainable VHS. +
+
+