rayelliott
/
_s
Archived
forked from mirror/_s
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #702 from Automattic/fix-701 

Sanitize location.hash before passing it to getElementById.

See #701.
This commit is contained in:
Konstantin Obenland 2015-02-17 10:16:21 -08:00
parent 4309cd6c56 dea243f2eb
commit 70db168dc6
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/skip-link-focus-fix.js
View File

@ -5,7 +5,14 @@
if ( ( is_webkit || is_opera || is_ie ) && document.getElementById && window.addEventListener ) { if ( ( is_webkit || is_opera || is_ie ) && document.getElementById && window.addEventListener ) {
window.addEventListener( 'hashchange', function() { window.addEventListener( 'hashchange', function() {
var element = document.getElementById( location.hash.substring( 1 ) ); var id = location.hash.substring( 1 ),
element;
if ( ! /^[A-z0-9_-]+$/.test( id ) ) {
return;
}
element = document.getElementById( id );
if ( element ) { if ( element ) {
if ( ! /^(?:a|select|input|button|textarea)$/i.test( element.tagName ) ) { if ( ! /^(?:a|select|input|button|textarea)$/i.test( element.tagName ) ) {