Changeset 27071

Timestamp:

02/02/2014 09:11:24 PM (12 years ago)

Author:

azaozz

Message:

WP_Link: convert < > and " to HTML entities when setting link title for the Text editor. Fixes #25704.

File:

• trunk/src/wp-includes/js/wplink.js (modified) (2 diffs)

trunk/src/wp-includes/js/wplink.js

@@ -166 +166 @@
 
         htmlUpdate: function() {
-            var attrs, html, begin, end, cursor,
+            var attrs, html, begin, end, cursor, title,
                 textarea = wpLink.textarea;
 
@@ -182 +182 @@
 
             if ( attrs.title )
-                html += ' title="' + attrs.title + '"';
+                title = attrs.title.replace( /</g, '&lt;' ).replace( />/g, '&gt;' ).replace( /"/g, '&quot;' );
+                html += ' title="' + title + '"';
             if ( attrs.target )
                 html += ' target="' + attrs.target + '"';