You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
// handle contextMenu triggers
$.fn.contextMenu = function (operation) {
var $t = this, $o = operation;
if (this.length > 0) { // this is not a build on demand menu
if (typeof operation === 'undefined') {
this.first().trigger('contextmenu');
...
...
} else if ($.isPlainObject(operation)) {
operation.context = this;
$.contextMenu('create', operation);
then call the function 'contexMenu', the operation pass to options, and pass to o
$.contextMenu = function (operation, options) {
if (typeof operation !== 'string') {
options = operation;
operation = 'create';
}
if (typeof options === 'string') {
options = {selector: options};
} else if (typeof options === 'undefined') {
options = {};
}
// merge with default options
var o = $.extend(true, {}, defaults, options || {});
in the end, o pass to contex,$-function evaluates its input as JavaScript-code instead of as a CSS-selector.The problem is that $(context) will execute JavaScript code if the value of context is a string like "<img src=x onerror=alert(1)>".
case 'destroy':
var $visibleMenu;
if (_hasContext) {
// get proper options
var context = o.context;
$.each(menus, function (ns, o) {
if (!o) {
return true;
}
// Is this menu equest to the context called from
if (!$(context).is(o.selector)) {
return true;
}
The text was updated successfully, but these errors were encountered:
The input variable 'operation'
then call the function 'contexMenu', the operation pass to options, and pass to o
in the end, o pass to contex,$-function evaluates its input as JavaScript-code instead of as a CSS-selector.The problem is that $(context) will execute JavaScript code if the value of context is a string like
"<imgsrc=x onerror=alert(1)>".The text was updated successfully, but these errors were encountered: