
Commit b659c4c

committed
Proper escaping of name, value, and type queries
1 parent 65adc8a commit b659c4c


1 file changed

+10
-10
lines changed


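--- a/inst/www/shared/shiny.js
+++ b/inst/www/shared/shiny.js
@@ -2089,13 +2089,13 @@
 },
 getValue: function(el) {
 // Select the radio objects that have name equal to the grouping div's id
-return $('input:radio[name=' + el.id + ']:checked').val();
+return $('input:radio[name="' + $escape(el.id) + '"]:checked').val();
 },
 setValue: function(el, value) {
-$('input:radio[name=' + el.id + '][value=' + value + ']').prop('checked', true);
+$('input:radio[name="' + $escape(el.id) + '"][value="' + $escape(value) + '"]').prop('checked', true);
 },
 getState: function(el) {
-var $objs = $('input:radio[name=' + el.id + ']');
+var $objs = $('input:radio[name="' + $escape(el.id) + '"]');
 
 // Store options in an array of objects, each with with value and label
 var options = new Array($objs.length);
@@ -2196,7 +2196,7 @@
 },
 getValue: function(el) {
 // Select the checkbox objects that have name equal to the grouping div's id
-var $objs = $('input:checkbox[name=' + el.id + ']:checked');
+var $objs = $('input:checkbox[name="' + $escape(el.id) + '"]:checked');
 var values = new Array($objs.length);
 for (var i = 0; i < $objs.length; i ++) {
 values[i] = $objs[i].value;
@@ -2205,23 +2205,23 @@
 },
 setValue: function(el, value) {
 // Clear all checkboxes
-$('input:checkbox[name=' + el.id + ']').prop('checked', false);
+$('input:checkbox[name="' + $escape(el.id) + '"]').prop('checked', false);
 
 // Accept array
 if (value instanceof Array) {
 for (var i = 0; i < value.length; i++) {
-$('input:checkbox[name=' + el.id + '][value=' + value[i] + ']')
+$('input:checkbox[name="' + $escape(el.id) + '"][value="' + $escape(value[i]) + '"]')
 .prop('checked', true);
 }
 // Else assume it's a single value
 } else {
-$('input:checkbox[name=' + el.id + '][value=' + value + ']')
+$('input:checkbox[name="' + $escape(el.id) + '"][value="' + $escape(value) + '"]')
 .prop('checked', true);
 }
 
 },
 getState: function(el) {
-var $objs = $('input:checkbox[name=' + el.id + ']');
+var $objs = $('input:checkbox[name="' + $escape(el.id) + '"]');
 
 // Store options in an array of objects, each with with value and label
 var options = new Array($objs.length);
@@ -2749,8 +2749,8 @@
 
 var els = $(
 'input:checked' +
-'[type="' + input.type + '"]' +
-'[name="' + input.name + '"]');
+'[type="' + $escape(input.type) + '"]' +
+'[name="' + $escape(input.name) + '"]');
 var values = els.map(function() { return this.value; }).get();
 if (exclusiveValue) {
 if (values.length > 0)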
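Review bot: `$escape(value)` and `$escape(value[i])` in the two `setValue` bodies (new lines 2095, 2213 and 2218) are now called on whatever the caller passed. `$escape` is not defined in these hunks, but if it is a string `.replace()`-based helper, a numeric, null or undefined `value` would throw where the old concatenation coerced it to text. Coercing at the call site keeps the previous tolerance, e.g. `'"][value="' + $escape(String(value)) + '"]'`. Alternatively, select by name only and compare with `.filter(function() { return this.value === String(value); })`, so the value never enters selector syntax at all. The enclosing binding objects begin and end outside the hunks, so the types actually passed in cannot be confirmed from here.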
