diff --git a/js/affix.js b/js/affix.js index b86bc4f340..481987a95e 100644 --- a/js/affix.js +++ b/js/affix.js @@ -16,7 +16,9 @@ var Affix = function (element, options) { this.options = $.extend({}, Affix.DEFAULTS, options) - this.$target = $(this.options.target) + var target = this.options.target === Affix.DEFAULTS.target ? $(this.options.target) : $(document).find(this.options.target) + + this.$target = target .on('scroll.bs.affix.data-api', $.proxy(this.checkPosition, this)) .on('click.bs.affix.data-api', $.proxy(this.checkPositionWithEventLoop, this)) diff --git a/js/collapse.js b/js/collapse.js index fcf8f3cbab..5cf64de1c1 100644 --- a/js/collapse.js +++ b/js/collapse.js @@ -137,7 +137,7 @@ } Collapse.prototype.getParent = function () { - return $(this.options.parent) + return $(document).find(this.options.parent) .find('[data-toggle="collapse"][data-parent="' + this.options.parent + '"]') .each($.proxy(function (i, element) { var $element = $(element) diff --git a/js/tests/unit/affix.js b/js/tests/unit/affix.js index 3a6918f866..b2d596e947 100644 --- a/js/tests/unit/affix.js +++ b/js/tests/unit/affix.js @@ -104,4 +104,19 @@ $(function () { }, 250) }, 250) }) + + QUnit.test('should raise exception to avoid xss on target', function (assert) { + assert.expect(1) + assert.throws(function () { + + var templateHTML = '
' + $(templateHTML).appendTo(document.body) + + $('#affixTarget').bootstrapAffix({ + target: '' + }) + + }, new Error('Syntax error, unrecognized expression: ')) + }) + }) diff --git a/js/tests/unit/collapse.js b/js/tests/unit/collapse.js index 0efa65400d..decad25acd 100644 --- a/js/tests/unit/collapse.js +++ b/js/tests/unit/collapse.js @@ -440,4 +440,14 @@ $(function () { .bootstrapCollapse('show') }) + QUnit.test('should raise exception to avoid xss on data-parent', function (assert) { + assert.expect(1) + assert.throws(function () { + $('') + .appendTo('#qunit-fixture') + .bootstrapCollapse('show') + .trigger('click'); + }, new Error('Syntax error, unrecognized expression: ')) + }) + }) diff --git a/js/tests/unit/tooltip.js b/js/tests/unit/tooltip.js index 27ce6208e7..57c021b61a 100644 --- a/js/tests/unit/tooltip.js +++ b/js/tests/unit/tooltip.js @@ -1322,4 +1322,22 @@ $(function () { }) }) + QUnit.test('should raise exception to avoid xss on data-container', function (assert) { + assert.expect(1) + assert.throws(function () { + $('') + .appendTo('#qunit-fixture') + .bootstrapTooltip('show') + }, new Error('Syntax error, unrecognized expression: ')) + }) + + QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) { + assert.expect(1) + assert.throws(function () { + $('') + .appendTo('#qunit-fixture') + .bootstrapTooltip('show') + }, new Error('Syntax error, unrecognized expression: ')) + }) + }) diff --git a/js/tooltip.js b/js/tooltip.js index 968a97871a..f7b0d00e79 100644 --- a/js/tooltip.js +++ b/js/tooltip.js @@ -51,7 +51,7 @@ this.type = type this.$element = $(element) this.options = this.getOptions(options) - this.$viewport = this.options.viewport && $($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport)) + this.$viewport = this.options.viewport && $(document).find($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport)) this.inState = { click: false, hover: false, focus: false } if (this.$element[0] instanceof document.constructor && !this.options.selector) { @@ -204,7 +204,7 @@ .addClass(placement) .data('bs.' + this.type, this) - this.options.container ? $tip.appendTo(this.options.container) : $tip.insertAfter(this.$element) + this.options.container ? $tip.appendTo($(document).find(this.options.container)) : $tip.insertAfter(this.$element) this.$element.trigger('inserted.bs.' + this.type) var pos = this.getPosition()