change tooltip/popover html default to false for xss safety net

003fcccc · Jacob Thornton · ebf94c53 · 003fcccc · 003fcccc · 003fcccc
Commit 003fcccc authored 12 years ago by Jacob Thornton
Expand all Hide whitespace changes
Inline Side-by-side

Showing

with 6 additions and 5 deletions
+6 -5
--- a/docs/assets/js/bootstrap-tooltip.js
+++ b/docs/assets/js/bootstrap-tooltip.js
@@ -269,7 +269,7 @@
  , trigger: 'hover'
  , title: ''
  , delay: 0
-  , html: true
+  , html: false
  }

 }(window.jQuery);
--- a/docs/assets/js/bootstrap.js
+++ b/docs/assets/js/bootstrap.js
@@ -1231,7 +1231,7 @@
  , trigger: 'hover'
  , title: ''
  , delay: 0
-  , html: true
+  , html: false
  }

 }(window.jQuery);

--- a/docs/assets/js/bootstrap.min.js
+++ b/docs/assets/js/bootstrap.min.js
--- a/js/bootstrap-tooltip.js
+++ b/js/bootstrap-tooltip.js
@@ -269,7 +269,7 @@
  , trigger: 'hover'
  , title: ''
  , delay: 0
-  , html: true
+  , html: false
  }

 }(window.jQuery);
--- a/js/tests/unit/bootstrap-tooltip.js
+++ b/js/tests/unit/bootstrap-tooltip.js
@@ -37,10 +37,11 @@ $(function () {
        tooltip.tooltip('hide')
      })

-      test("should always allow html entities", function () {
+      test("should allow html entities", function () {
        $.support.transition = false
        var tooltip = $('<a href="#" rel="tooltip" title="<b>@fat</b>"></a>')
          .appendTo('#qunit-fixture')
+          .tooltip({html: true})
          .tooltip('show')

        ok($('.tooltip b').length, 'b tag was inserted')