diff --git a/website/static/vendor/bootstrap/js/bootstrap.js b/website/static/vendor/bootstrap/js/bootstrap.js
index c46ec9682..edc381883 100644
--- a/website/static/vendor/bootstrap/js/bootstrap.js
+++ b/website/static/vendor/bootstrap/js/bootstrap.js
@@ -520,7 +520,14 @@ function sanitizeSelector(selector) {
   var clickHandler = function (e) {
     var href
     var $this = $(this)
-    var $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+
+    // sanitizing the elements
+    var dataTarget = $this.attr('data-target');
+    var href = $this.attr('href');
+    var sanitizedDataTarget = escapeHTML(dataTarget);
+    var sanitizedHref = escapeHTML(href);
+    var $target = $(sanitizedDataTarget || sanitizedHref && sanitizedHref.replace(/.*(?=#[^\s]+$)/, ''));
+
     if (!$target.hasClass('carousel')) return
     var options = $.extend({}, $target.data(), $this.data())
     var slideIndex = $this.attr('data-slide-to')
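Review bot: escapeHTML is applied to `dataTarget` and `href` before either is checked for presence, so when the element has no `data-target` the call receives undefined, and what happens next depends on escapeHTML (defined outside the hunk) — if it stringifies its argument, `sanitizedDataTarget` becomes the truthy `'undefined'` and the `||` fallback to the href never runs. Guarding the call avoids that regardless of the helper's behaviour: `var sanitizedDataTarget = dataTarget == null ? dataTarget : escapeHTML(dataTarget)`, and the same for `sanitizedHref`. HTML-escaping also rewrites `&`, `"` and `'` in a value that is then passed to `$()` as a selector, so an attribute selector with quotes would stop matching; the hunk header shows a `sanitizeSelector` helper exists in this file, which seems a better fit for a selector-shaped value than HTML escaping, though its body is outside the hunk. The added `var href = $this.attr('href');` redeclares the `var href` already on the context line above, which can be dropped, and the new lines end in semicolons where the surrounding file omits them. clickHandler's body continues past the end of the hunk.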