Skip to content

Commit

Permalink
MDL-49144 blocks: Sanitise alt and title for block controls
Browse files Browse the repository at this point in the history
  • Loading branch information
@andrewnicols @danpoltawski
andrewnicols authored and danpoltawski committed Mar 2, 2015
1 parent 8721ed5 commit ead8b28
Showing 1 changed file with 23 additions and 5 deletions.
28 changes: 23 additions & 5 deletions lib/javascript-static.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -597,14 +597,32 @@ M.util.init_block_hider = function(Y, config) {
this.set('block', '#'+this.get('id'));
var b = this.get('block'),
t = b.one('.title'),
a = null;
a = null,
hide,
show;
if (t && (a = t.one('.block_action'))) {
var hide = Y.Node.create('<img class="block-hider-hide" tabindex="0" alt="'+config.tooltipVisible+'" title="'+config.tooltipVisible+'" />');
hide.setAttribute('src', this.get('iconVisible')).on('click', this.updateState, this, true);
hide = Y.Node.create('<img />')
.addClass('block-hider-hide')
.setAttrs({
alt: config.tooltipVisible,
src: this.get('iconVisible'),
tabindex: 0,
'title': config.tooltipVisible
});
hide.on('keypress', this.updateStateKey, this, true);
var show = Y.Node.create('<img class="block-hider-show" tabindex="0" alt="'+config.tooltipHidden+'" title="'+config.tooltipHidden+'" />');
show.setAttribute('src', this.get('iconHidden')).on('click', this.updateState, this, false);
hide.on('click', this.updateState, this, true);

show = Y.Node.create('<img />')
.addClass('block-hider-show')
.setAttrs({
alt: config.tooltipHidden,
src: this.get('iconHidden'),
tabindex: 0,
'title': config.tooltipHidden
});
show.on('keypress', this.updateStateKey, this, false);
show.on('click', this.updateState, this, false);

a.insert(show, 0).insert(hide, 0);
}
},
Expand Down

0 comments on commit ead8b28

Please sign in to comment.