new version which fixes a security hole

Uwe Steinmann 2016-01-14 20:04:18 +01:00
parent 1635cb92ba
commit 60ba9577de
6 changed files with 84 additions and 36 deletions


@ -2,9 +2,9 @@
Chosen, a Select Box Enhancer for jQuery and Prototype
by Patrick Filler for Harvest, http://getharvest.com
Version 1.3.0
Version 1.4.2
Full source at https://github.com/harvesthq/chosen
Copyright (c) 2011-2014 Harvest http://getharvest.com
Copyright (c) 2011-2015 Harvest http://getharvest.com
MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md
This file is generated by `grunt build`, do not edit it by hand.
@ -44,6 +44,19 @@ This file is generated by `grunt build`, do not edit it by hand.
.chosen-container a {
cursor: pointer;
}
.chosen-container .search-choice .group-name, .chosen-container .chosen-single .group-name {
margin-right: 4px;
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
font-weight: normal;
color: #999999;
}
.chosen-container .search-choice .group-name:after, .chosen-container .chosen-single .group-name:after {
content: ":";
padding-left: 2px;
vertical-align: top;
}
/* @end */
/* @group Single Chosen */
@ -421,7 +434,7 @@ This file is generated by `grunt build`, do not edit it by hand.
/* @end */
/* @group Retina compatibility */
@media only screen and (-webkit-min-device-pixel-ratio: 2), only screen and (min-resolution: 144dpi) {
@media only screen and (-webkit-min-device-pixel-ratio: 1.5), only screen and (min-resolution: 144dpi), only screen and (min-resolution: 1.5dppx) {
.chosen-rtl .chosen-search input[type="text"],
.chosen-container-single .chosen-single abbr,
.chosen-container-single .chosen-single div b,

File diff suppressed because one or more lines are too long


@ -2,9 +2,9 @@
Chosen, a Select Box Enhancer for jQuery and Prototype
by Patrick Filler for Harvest, http://getharvest.com
Version 1.3.0
Version 1.4.2
Full source at https://github.com/harvesthq/chosen
Copyright (c) 2011-2014 Harvest http://getharvest.com
Copyright (c) 2011-2015 Harvest http://getharvest.com
MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md
This file is generated by `grunt build`, do not edit it by hand.
@ -36,6 +36,7 @@ This file is generated by `grunt build`, do not edit it by hand.
array_index: group_position,
group: true,
label: this.escapeExpression(group.label),
title: group.title ? group.title : void 0,
children: 0,
disabled: group.disabled,
classes: group.className
@ -61,9 +62,11 @@ This file is generated by `grunt build`, do not edit it by hand.
value: option.value,
text: option.text,
html: option.innerHTML,
title: option.title ? option.title : void 0,
selected: option.selected,
disabled: group_disabled === true ? group_disabled : option.disabled,
group_array_index: group_position,
group_label: group_position != null ? this.parsed[group_position].label : null,
classes: option.className,
style: option.style.cssText
});
@ -152,7 +155,8 @@ This file is generated by `grunt build`, do not edit it by hand.
this.max_selected_options = this.options.max_selected_options || Infinity;
this.inherit_select_classes = this.options.inherit_select_classes || false;
this.display_selected_options = this.options.display_selected_options != null ? this.options.display_selected_options : true;
return this.display_disabled_options = this.options.display_disabled_options != null ? this.options.display_disabled_options : true;
this.display_disabled_options = this.options.display_disabled_options != null ? this.options.display_disabled_options : true;
return this.include_group_label_in_selected = this.options.include_group_label_in_selected || false;
};
AbstractChosen.prototype.set_default_text = function() {
@ -166,6 +170,14 @@ This file is generated by `grunt build`, do not edit it by hand.
return this.results_none_found = this.form_field.getAttribute("data-no_results_text") || this.options.no_results_text || AbstractChosen.default_no_result_text;
};
AbstractChosen.prototype.choice_label = function(item) {
if (this.include_group_label_in_selected && (item.group_label != null)) {
return "<b class='group-name'>" + item.group_label + "</b>" + item.html;
} else {
return item.html;
}
};
AbstractChosen.prototype.mouse_enter = function() {
return this.mouse_on_container = true;
};
@ -214,7 +226,7 @@ This file is generated by `grunt build`, do not edit it by hand.
if (data.selected && this.is_multiple) {
this.choice_build(data);
} else if (data.selected && !this.is_multiple) {
this.single_set_selected_text(data.text);
this.single_set_selected_text(this.choice_label(data));
}
}
}
@ -250,6 +262,9 @@ This file is generated by `grunt build`, do not edit it by hand.
option_el.style.cssText = option.style;
option_el.setAttribute("data-option-array-index", option.array_index);
option_el.innerHTML = option.search_text;
if (option.title) {
option_el.title = option.title;
}
return this.outerHTML(option_el);
};
@ -269,6 +284,9 @@ This file is generated by `grunt build`, do not edit it by hand.
group_el = document.createElement("li");
group_el.className = classes.join(" ");
group_el.innerHTML = group.search_text;
if (group.title) {
group_el.title = group.title;
}
return this.outerHTML(group_el);
};
@ -340,8 +358,8 @@ This file is generated by `grunt build`, do not edit it by hand.
}
results_group.active_options += 1;
}
option.search_text = option.group ? option.label : option.html;
if (!(option.group && !this.group_search)) {
option.search_text = option.group ? option.label : option.text;
option.search_match = this.search_string_match(option.search_text, regex);
if (option.search_match && !option.group) {
results += 1;
@ -618,9 +636,11 @@ This file is generated by `grunt build`, do not edit it by hand.
var _this = this;
this.container.bind('touchstart.chosen', function(evt) {
_this.container_mousedown(evt);
return evt.preventDefault();
});
this.container.bind('touchend.chosen', function(evt) {
_this.container_mouseup(evt);
return evt.preventDefault();
});
this.container.bind('mousedown.chosen', function(evt) {
_this.container_mousedown(evt);
@ -946,7 +966,7 @@ This file is generated by `grunt build`, do not edit it by hand.
_this = this;
choice = $('<li />', {
"class": "search-choice"
}).html("<span>" + item.html + "</span>");
}).html("<span>" + (this.choice_label(item)) + "</span>");
if (item.disabled) {
choice.addClass('search-choice-disabled');
} else {
@ -1014,6 +1034,7 @@ This file is generated by `grunt build`, do not edit it by hand.
} else {
this.reset_single_select_options();
}
high.addClass("result-selected");
item = this.results_data[high[0].getAttribute("data-option-array-index")];
item.selected = true;
this.form_field.options[item.options_index].selected = true;
@ -1021,7 +1042,7 @@ This file is generated by `grunt build`, do not edit it by hand.
if (this.is_multiple) {
this.choice_build(item);
} else {
this.single_set_selected_text(item.text);
this.single_set_selected_text(this.choice_label(item));
}
if (!((evt.metaKey || evt.ctrlKey) && this.is_multiple)) {
this.results_hide();
@ -1033,6 +1054,7 @@ This file is generated by `grunt build`, do not edit it by hand.
});
}
this.current_selectedIndex = this.form_field.selectedIndex;
evt.preventDefault();
return this.search_field_scale();
}
};
@ -1047,7 +1069,7 @@ This file is generated by `grunt build`, do not edit it by hand.
this.single_deselect_control_build();
this.selected_item.removeClass("chosen-default");
}
return this.selected_item.find("span").text(text);
return this.selected_item.find("span").html(text);
};
Chosen.prototype.result_deselect = function(pos) {
@ -1082,11 +1104,7 @@ This file is generated by `grunt build`, do not edit it by hand.
};
Chosen.prototype.get_search_text = function() {
if (this.search_field.val() === this.default_text) {
return "";
} else {
return $('<div/>').text($.trim(this.search_field.val())).html();
}
};
Chosen.prototype.winnow_results_set_highlight = function() {
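Review bot: `single_set_selected_text` now ends in `.html(text)` instead of `.text(text)`, so every string passed to it is parsed as markup rather than displayed literally. The two callers visible in this section pass `this.choice_label(...)`, which is built from `item.html` (the option's own `innerHTML`) and a group label that went through `escapeExpression`, so those paths already carry serialized markup. Callers outside these hunks that pass a plain string (a placeholder or default text, if any go through this function) would lose the escaping `.text()` gave them and should be checked. Because this file is generated by `grunt build`, the change belongs upstream or at the integration: a comment such as `// text is inserted as HTML; pass only escaped markup` on the function, plus server-side escaping of option labels and placeholder attributes on pages that use Chosen. The body of `single_set_selected_text` starts outside the hunk.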

File diff suppressed because one or more lines are too long


@ -2,9 +2,9 @@
Chosen, a Select Box Enhancer for jQuery and Prototype
by Patrick Filler for Harvest, http://getharvest.com
Version 1.3.0
Version 1.4.2
Full source at https://github.com/harvesthq/chosen
Copyright (c) 2011-2014 Harvest http://getharvest.com
Copyright (c) 2011-2015 Harvest http://getharvest.com
MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md
This file is generated by `grunt build`, do not edit it by hand.
@ -36,6 +36,7 @@ This file is generated by `grunt build`, do not edit it by hand.
array_index: group_position,
group: true,
label: this.escapeExpression(group.label),
title: group.title ? group.title : void 0,
children: 0,
disabled: group.disabled,
classes: group.className
@ -61,9 +62,11 @@ This file is generated by `grunt build`, do not edit it by hand.
value: option.value,
text: option.text,
html: option.innerHTML,
title: option.title ? option.title : void 0,
selected: option.selected,
disabled: group_disabled === true ? group_disabled : option.disabled,
group_array_index: group_position,
group_label: group_position != null ? this.parsed[group_position].label : null,
classes: option.className,
style: option.style.cssText
});
@ -152,7 +155,8 @@ This file is generated by `grunt build`, do not edit it by hand.
this.max_selected_options = this.options.max_selected_options || Infinity;
this.inherit_select_classes = this.options.inherit_select_classes || false;
this.display_selected_options = this.options.display_selected_options != null ? this.options.display_selected_options : true;
return this.display_disabled_options = this.options.display_disabled_options != null ? this.options.display_disabled_options : true;
this.display_disabled_options = this.options.display_disabled_options != null ? this.options.display_disabled_options : true;
return this.include_group_label_in_selected = this.options.include_group_label_in_selected || false;
};
AbstractChosen.prototype.set_default_text = function() {
@ -166,6 +170,14 @@ This file is generated by `grunt build`, do not edit it by hand.
return this.results_none_found = this.form_field.getAttribute("data-no_results_text") || this.options.no_results_text || AbstractChosen.default_no_result_text;
};
AbstractChosen.prototype.choice_label = function(item) {
if (this.include_group_label_in_selected && (item.group_label != null)) {
return "<b class='group-name'>" + item.group_label + "</b>" + item.html;
} else {
return item.html;
}
};
AbstractChosen.prototype.mouse_enter = function() {
return this.mouse_on_container = true;
};
@ -214,7 +226,7 @@ This file is generated by `grunt build`, do not edit it by hand.
if (data.selected && this.is_multiple) {
this.choice_build(data);
} else if (data.selected && !this.is_multiple) {
this.single_set_selected_text(data.text);
this.single_set_selected_text(this.choice_label(data));
}
}
}
@ -250,6 +262,9 @@ This file is generated by `grunt build`, do not edit it by hand.
option_el.style.cssText = option.style;
option_el.setAttribute("data-option-array-index", option.array_index);
option_el.innerHTML = option.search_text;
if (option.title) {
option_el.title = option.title;
}
return this.outerHTML(option_el);
};
@ -269,6 +284,9 @@ This file is generated by `grunt build`, do not edit it by hand.
group_el = document.createElement("li");
group_el.className = classes.join(" ");
group_el.innerHTML = group.search_text;
if (group.title) {
group_el.title = group.title;
}
return this.outerHTML(group_el);
};
@ -340,8 +358,8 @@ This file is generated by `grunt build`, do not edit it by hand.
}
results_group.active_options += 1;
}
option.search_text = option.group ? option.label : option.html;
if (!(option.group && !this.group_search)) {
option.search_text = option.group ? option.label : option.text;
option.search_match = this.search_string_match(option.search_text, regex);
if (option.search_match && !option.group) {
results += 1;
@ -604,10 +622,12 @@ This file is generated by `grunt build`, do not edit it by hand.
Chosen.prototype.register_observers = function() {
var _this = this;
this.container.observe("touchstart", function(evt) {
return _this.container_mousedown(evt);
_this.container_mousedown(evt);
return evt.preventDefault();
});
this.container.observe("touchend", function(evt) {
return _this.container_mouseup(evt);
_this.container_mouseup(evt);
return evt.preventDefault();
});
this.container.observe("mousedown", function(evt) {
return _this.container_mousedown(evt);
@ -943,7 +963,7 @@ This file is generated by `grunt build`, do not edit it by hand.
_this = this;
choice = new Element('li', {
"class": "search-choice"
}).update("<span>" + item.html + "</span>");
}).update("<span>" + (this.choice_label(item)) + "</span>");
if (item.disabled) {
choice.addClassName('search-choice-disabled');
} else {
@ -1028,7 +1048,7 @@ This file is generated by `grunt build`, do not edit it by hand.
if (this.is_multiple) {
this.choice_build(item);
} else {
this.single_set_selected_text(item.text);
this.single_set_selected_text(this.choice_label(item));
}
if (!((evt.metaKey || evt.ctrlKey) && this.is_multiple)) {
this.results_hide();
@ -1038,6 +1058,7 @@ This file is generated by `grunt build`, do not edit it by hand.
this.form_field.simulate("change");
}
this.current_selectedIndex = this.form_field.selectedIndex;
evt.preventDefault();
return this.search_field_scale();
}
};
@ -1089,11 +1110,7 @@ This file is generated by `grunt build`, do not edit it by hand.
};
Chosen.prototype.get_search_text = function() {
if (this.search_field.value === this.default_text) {
return "";
} else {
return this.search_field.value.strip().escapeHTML();
}
};
Chosen.prototype.winnow_results_set_highlight = function() {

File diff suppressed because one or more lines are too long