[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components 24/59524/2
authorBenni Mack <benni@typo3.org>
Tue, 22 Jan 2019 08:41:30 +0000 (09:41 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 22 Jan 2019 08:41:33 +0000 (09:41 +0100)
commit2afe72a43dfe7ab684a79e7624fb881bc270f28a
tree36b45d4dca8e0b934e35b90acb062699b0d7426d
parent732c4acfaeaa7fd193674cd4d1ca7e369e21b96f
[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components

Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
and Tab components.

Executed tasks:
  cd Build
  yarn add bootstrap-sass@^3.4.0 --dev
  yarn exec grunt

Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js
into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js
additionally adding the AMD factory wrapper.

Resolves: #86580
Releases: master, 9.5, 8.7
Security-Commit: 7d39af7d38a50b5395d9971497a62b53de331ee2
Security-Bulletin: TYPO3-CORE-SA-2019-006
Change-Id: Ib7fd88851d3d431a42059fda292c511d59256bc6
Reviewed-on: https://review.typo3.org/59524
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Build/package.json
Build/yarn.lock
typo3/sysext/backend/Resources/Public/Css/backend.css
typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/.bootstrap.diff [deleted file]
typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js