diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-09-05 10:05:38 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-09-05 10:05:38 +0000 |
| commit | 826b3fa81708a6b16a5dcc2d4f913010f347ff40 (patch) | |
| tree | 0ba97b29fab50513a5e275b926d17eef4789b2b4 | |
| parent | c993b73e5f7f7cfdcedf28eac7069a58d82f6837 (diff) | |
| download | brdo-826b3fa81708a6b16a5dcc2d4f913010f347ff40.tar.gz brdo-826b3fa81708a6b16a5dcc2d4f913010f347ff40.tar.bz2 | |
- Patch #565994 by mfb: src attribute for external javascript should be HTML-encoded.
| -rw-r--r-- | includes/common.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc index 2cc735049..848bd667c 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -3157,7 +3157,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL) { case 'external': // Preprocessing for external JavaScript files is ignored. - $output .= '<script type="text/javascript"' . ($item['defer'] ? ' defer="defer"' : '') . ' src="' . $item['data'] . "\"></script>\n"; + $output .= '<script type="text/javascript"' . ($item['defer'] ? ' defer="defer"' : '') . ' src="' . check_plain($item['data']) . "\"></script>\n"; break; } } |