Dialog: Extract setting the title into a _title method, use .text() t…

…o prevent XSS. Fixes #6016 - Dialog: Title XSS Vulnerability.
jquery · Nov 26, 2012 · 7e9060c · 7e9060c
1 parent 60486ac
commit 7e9060c
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/ui/jquery.ui.dialog.js b/ui/jquery.ui.dialog.js
@@ -352,14 +352,21 @@ $.widget("ui.dialog", {
 		uiDialogTitle = $( "<span>" )
 			.uniqueId()
 			.addClass( "ui-dialog-title" )
-			.html( this.options.title || "&#160;" )
 			.prependTo( this.uiDialogTitlebar );
+		this._title( uiDialogTitle );
 
 		this.uiDialog.attr({
 			"aria-labelledby": uiDialogTitle.attr( "id" )
 		});
 	},
 
+	_title: function( title ) {
+		if ( !this.options.title ) {
+			title.html( "&#160;" );
+		}
+		title.text( this.options.title );
+	},
+
 	_createButtonPane: function() {
 		var uiDialogButtonPane = ( this.uiDialogButtonPane = $( "<div>" ) )
 			.addClass( "ui-dialog-buttonpane ui-widget-content ui-helper-clearfix" );
@@ -600,9 +607,7 @@ $.widget("ui.dialog", {
 		}
 
 		if ( key === "title" ) {
-			// convert whatever was passed in to a string, for html() to not throw up
-			$( ".ui-dialog-title", this.uiDialogTitlebar )
-				.html( "" + ( value || "&#160;" ) );
+			this._title( this.uiDialogTitlebar.find( ".ui-dialog-title" ) );
 		}
 	},