kotovalexarian-likes-github
/
twbs--bootstrap
mirror of https://github.com/twbs/bootstrap.git
1
0
Fork 0
Code Releases Activity

detect if title in tooltip is text or html. if text - use `text` method to prevent xss. 

all add a few notes to js readme about updated event
This commit is contained in:
Jacob Thornton 2012-04-04 14:58:04 -07:00
parent 2dc979a202
commit 4bd611884a
3 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
js/README.md
View File

@ -5,7 +5,7 @@ These are the high-level design rules which guide the development of Bootstrap's
### DATA-ATTRIBUTE API
We believe you should be able to use all plugins provided by Bootstrap purely through the markup API without writing a single line of javascript.
We believe you should be able to use all plugins provided by Bootstrap purely through the markup API without writing a single line of javascript. This is bootstraps first class api.
We acknowledge that this isn't always the most performant and sometimes it may be desirable to turn this functionality off altogether. Therefore, as of 2.0 we provide the ability to disable the data attribute API by unbinding all events on the body namespaced with `'data-api'`. This looks like this:
@ -29,7 +29,7 @@ All methods should accept an optional options object, a string which targets a p
$("#myModal").modal() // initialized with defaults
$("#myModal").modal({ keyboard: false }) // initialized with no keyboard
$("#myModal").modal('show') // initializes and invokes show immediately afterqwe2
$("#myModal").modal('show') // initializes and invokes show immediately
---
@ -60,6 +60,12 @@ All events should have an infinitive and past participle form. The infinitive is
show | shown
hide | hidden
All infinitive events should provide preventDefault functionality. This provides the abililty to stop the execution of an action.
$('#myModal').on('show', function (e) {
if (!data) return e.preventDefault() // stops modal from being shown
})
---
### CONSTRUCTORS

14
js/bootstrap-tooltip.js vendored
View File

@ -155,9 +155,21 @@
}
}
, isHTML: function( text ) {
// html string detection logic adapted from jQuery
return typeof text != 'string'
|| ( text.charAt(0) === "<"
&& text.charAt( text.length - 1 ) === ">"
&& text.length >= 3
) || /^(?:[^<]*<[\w\W]+>[^>]*$)/.exec(text)
}
, setContent: function () {
var $tip = this.tip()
$tip.find('.tooltip-inner').html(this.getTitle())
, title = this.getTitle()
, isHTML = this.isHTML(title)
$tip.find('.tooltip-inner')[isHTML ? 'html' : 'text'](title)
$tip.removeClass('fade in top bottom left right')
}

24
js/tests/unit/bootstrap-tooltip.js vendored
View File

@ -59,4 +59,28 @@ $(function () {
ok(!$(".tooltip").length, 'tooltip removed')
})
test("should detect if title string is html or text: foo", function () {
ok(!$.fn.tooltip.Constructor.prototype.isHTML('foo'), 'correctly detected html')
})
test("should detect if title string is html or text: &amp;lt;foo&amp;gt;", function () {
ok(!$.fn.tooltip.Constructor.prototype.isHTML('&lt;foo&gt;'), 'correctly detected html')
})
test("should detect if title string is html or text: &lt;div>foo&lt;/div>", function () {
ok($.fn.tooltip.Constructor.prototype.isHTML('<div>foo</div>'), 'correctly detected html')
})
test("should detect if title string is html or text: asdfa&lt;div>foo&lt;/div>asdfasdf", function () {
ok($.fn.tooltip.Constructor.prototype.isHTML('asdfa<div>foo</div>asdfasdf'), 'correctly detected html')
})
test("should detect if title string is html or text: document.createElement('div')", function () {
ok($.fn.tooltip.Constructor.prototype.isHTML(document.createElement('div')), 'correctly detected html')
})
test("should detect if title string is html or text: $('&lt;div />)", function () {
ok($.fn.tooltip.Constructor.prototype.isHTML($('<div></div>')), 'correctly detected html')
})
})