From 3ba14a12911dd1c9e84302d27811fec4540b9884 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 17 Feb 2014 11:18:59 +0000 Subject: [PATCH] always stop event propagation for click-handler executing on javascript urls in navigation --- phpgwapi/templates/idots/js/idots.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpgwapi/templates/idots/js/idots.js b/phpgwapi/templates/idots/js/idots.js index e0748dd500..ee8c5d87b4 100644 --- a/phpgwapi/templates/idots/js/idots.js +++ b/phpgwapi/templates/idots/js/idots.js @@ -63,7 +63,8 @@ egw_LAB.wait(function() { // allowing javascript urls in topmenu and sidebox only under CSP by binding click handlers to them var href_regexp = /^javascript:([^\(]+)\((.*)?\);?$/; - jQuery('#topmenu_items,#thesideboxcolumn').on('click','a[href^="javascript:"]',function(){ + jQuery('#topmenu_items,#thesideboxcolumn').on('click','a[href^="javascript:"]',function(ev){ + ev.stopPropagation(); // do NOT execute regular event, as it will violate CSP, when handler does NOT return false var matches = this.href.match(href_regexp); var args = []; if (matches.length > 1 && matches[2] !== undefined)