[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components 38/59538/2
authorBenni Mack <benni@typo3.org>
Tue, 22 Jan 2019 08:43:15 +0000 (09:43 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 22 Jan 2019 08:43:19 +0000 (09:43 +0100)
commitd80a3ad28ec29ccf27ab2533ce4af4f7ed6349dd
treeda44776a94c2f4102a2fe18c79ca6c0b6bbab870
parent18e154ec125d76720db0bce814e2a106d586f86b
[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components

Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
and Tab components.

Executed tasks:
  cd Build
  yarn add bootstrap-sass@^3.4.0 --dev
  yarn exec grunt

Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js
into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js
additionally adding the AMD factory wrapper.

Resolves: #86580
Releases: master, 9.5, 8.7
Security-Commit: f456e3c185b23c51d08a579ceef1082df473b01b
Security-Bulletin: TYPO3-CORE-SA-2019-006
Change-Id: I235a4b5f6865afd9283cd1e692b25d3a572513ba
Reviewed-on: https://review.typo3.org/59538
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Build/package.json
Build/yarn.lock
typo3/sysext/backend/Resources/Public/Css/backend.css
typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/.bootstrap.diff [deleted file]
typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js