mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-23 00:13:35 +01:00
always stop event propagation for click-handler executing on javascript urls in navigation
This commit is contained in:
parent
092af04bc4
commit
3ba14a1291
@ -63,7 +63,8 @@ egw_LAB.wait(function() {
|
||||
|
||||
// allowing javascript urls in topmenu and sidebox only under CSP by binding click handlers to them
|
||||
var href_regexp = /^javascript:([^\(]+)\((.*)?\);?$/;
|
||||
jQuery('#topmenu_items,#thesideboxcolumn').on('click','a[href^="javascript:"]',function(){
|
||||
jQuery('#topmenu_items,#thesideboxcolumn').on('click','a[href^="javascript:"]',function(ev){
|
||||
ev.stopPropagation(); // do NOT execute regular event, as it will violate CSP, when handler does NOT return false
|
||||
var matches = this.href.match(href_regexp);
|
||||
var args = [];
|
||||
if (matches.length > 1 && matches[2] !== undefined)
|
||||
|
Loading…
Reference in New Issue
Block a user