By boshtian, poiu: Fix XSS in context_reaction_block.js

d2ed753a · boshtian · 63da2071 · d2ed753a
Commit d2ed753a authored Feb 26, 2019 by boshtian
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

plugins/context_reaction_block.js plugins/context_reaction_block.js +1 -1

No files found.
--- a/plugins/context_reaction_block.js
+++ b/plugins/context_reaction_block.js
@@ -68,7 +68,7 @@ DrupalContextBlockForm = function(blockForm) {

    // Hide enabled blocks from selector that are used
    $('table.context-blockform-region tr').each(function() {
-      var bid = $(this).attr('id');
+      var bid = Drupal.checkPlain($(this).attr('id'));
      $('div.context-blockform-selector input[value="'+bid+'"]').parents('div.form-item').eq(0).hide();
    });
    // Show blocks in selector that are unused