Commit d2ed753a authored by boshtian's avatar boshtian

By boshtian, poiu: Fix XSS in context_reaction_block.js

parent 63da2071
......@@ -68,7 +68,7 @@ DrupalContextBlockForm = function(blockForm) {
// Hide enabled blocks from selector that are used
$('table.context-blockform-region tr').each(function() {
var bid = $(this).attr('id');
var bid = Drupal.checkPlain($(this).attr('id'));
$('div.context-blockform-selector input[value="'+bid+'"]').parents('div.form-item').eq(0).hide();
});
// Show blocks in selector that are unused
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment