[BUGFIX] Escape markup in Notification popups 58/44658/3
authorFrank Nägler <frank.naegler@typo3.org>
Tue, 10 Nov 2015 10:26:45 +0000 (11:26 +0100)
committerAlexander Opitz <opitz.alexander@googlemail.com>
Tue, 10 Nov 2015 11:23:53 +0000 (12:23 +0100)
Resolves: #71456
Releases: master
Change-Id: Iee2de13ed99192eabe010ee9c518e7726baa42f8
Reviewed-on: https://review.typo3.org/44658
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Alexander Opitz <opitz.alexander@googlemail.com>
Tested-by: Alexander Opitz <opitz.alexander@googlemail.com>
typo3/sysext/backend/Resources/Public/JavaScript/Notification.js

index 42e2515..b921871 100644 (file)
@@ -173,12 +173,14 @@ define(['jquery'], function ($) {
                                                '</span>' +
                                        '</div>' +
                                        '<div class="media-body">' +
-                                               '<h4 class="alert-title">' + title + '</h4>' +
-                                               '<p class="alert-message">' + message + '</p>' +
+                                               '<h4 class="alert-title"></h4>' +
+                                               '<p class="alert-message"></p>' +
                                        '</div>' +
                                '</div>' +
                        '</div>'
                );
+               $box.find('.alert-title').text(title);
+               $box.find('.alert-message').text(message);
                $box.on('close.bs.alert', function(e) {
                        e.preventDefault();
                        $(this)