Merge pull request #702 from Automattic/fix-701

Sanitize location.hash before passing it to getElementById.

See #701.
This commit is contained in:
Konstantin Obenland 2015-02-17 10:16:21 -08:00
commit 70db168dc6
1 changed files with 8 additions and 1 deletions

View File

@ -5,7 +5,14 @@
if ( ( is_webkit || is_opera || is_ie ) && document.getElementById && window.addEventListener ) {
window.addEventListener( 'hashchange', function() {
var element = document.getElementById( location.hash.substring( 1 ) );
var id = location.hash.substring( 1 ),
element;
if ( ! /^[A-z0-9_-]+$/.test( id ) ) {
return;
}
element = document.getElementById( id );
if ( element ) {
if ( ! /^(?:a|select|input|button|textarea)$/i.test( element.tagName ) ) {