Révision cf490feb
Ajouté par Assos Assos il y a environ 6 ans
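--- a/drupal7/misc/drupal.js
+++ b/drupal7/misc/drupal.js
@@ -27,6 +27,42 @@
 };
 $.fn.init.prototype = jquery_init.prototype;
 
+/**
+* Pre-filter Ajax requests to guard against XSS attacks.
+*
+* See https://github.com/jquery/jquery/issues/2432
+*/
+if ($.ajaxPrefilter) {
+// For newer versions of jQuery, use an Ajax prefilter to prevent
+// auto-executing script tags from untrusted domains. This is similar to the
+// fix that is built in to jQuery 3.0 and higher.
+$.ajaxPrefilter(function (s) {
+if (s.crossDomain) {
+s.contents.script = false;
+}
+});
+}
+else if ($.httpData) {
+// For the version of jQuery that ships with Drupal core, override
+// jQuery.httpData to prevent auto-detecting "script" data types from
+// untrusted domains.
+var jquery_httpData = $.httpData;
+$.httpData = function (xhr, type, s) {
+// @todo Consider backporting code from newer jQuery versions to check for
+// a cross-domain request here, rather than using Drupal.urlIsLocal() to
+// block scripts from all URLs that are not on the same site.
+if (!type && !Drupal.urlIsLocal(s.url)) {
+var content_type = xhr.getResponseHeader('content-type') || '';
+if (content_type.indexOf('javascript') >= 0) {
+// Default to a safe data type.
+type = 'text';
+}
+}
+return jquery_httpData.call(this, xhr, type, s);
+};
+$.httpData.prototype = jquery_httpData.prototype;
+}
+
 /**
 * Attach all registered behaviors to a page element.
 *
@@ -137,7 +173,7 @@
 */
 Drupal.checkPlain = function (str) {
 var character, regex,
-replace = { '&': '&', '"': '"', '<': '<', '>': '>' };
+replace = { '&': '&', "'": ''', '"': '"', '<': '<', '>': '>' };
 str = String(str);
 for (character in replace) {
 if (replace.hasOwnProperty(character)) {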
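Review bot: Both new guards only switch off automatic detection of script responses, so a request that explicitly asks for `dataType: 'script'` from a cross-domain URL is still executed; that reads as a deliberate opt-in, but neither the prefilter comment nor the `httpData` comment says so, and the `!type` test in `if (!type && !Drupal.urlIsLocal(s.url)) {` is the only place a reader can infer it. Suggest adding, above `$.ajaxPrefilter(function (s) {` and again above `$.httpData = function (xhr, type, s) {`, a line such as `// An explicit dataType of 'script' is left untouched; only auto-execution of script content types is disabled.`. The `httpData` path matches `'javascript'` case-sensitively, which as far as I recall mirrors the detection in the bundled jQuery, so a differently cased content type would not auto-execute on either side; the existing @todo already records that `Drupal.urlIsLocal()` is a coarser test than a real cross-domain check. Separately, in the second hunk the map values render as bare characters (`'&': '&'`), which looks like this page decoded the HTML entities of the file; an identity map would make `Drupal.checkPlain` a no-op, so anyone reviewing from this page should confirm the values against the raw diff.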
Update to 7.57