lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1547 from GPCsolutions/jsinjection

Browse Source 
Qual: Prevent potential JS injection
This commit is contained in:
Laurent Destailleur 2014-04-23 21:14:22 +02:00
commit 6c56302fd2
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/js/lib_head.js
View File

@ -554,7 +554,9 @@ function newpopup(url,title) {
tmp=url;
var l = (argc > 2) ? argv[2] : 600;
var h = (argc > 3) ? argv[3] : 400;
var wfeatures="directories=0,menubar=0,status=0,resizable=0,scrollbars=1,toolbar=0,width="+l+",height="+h+",left=" + eval("(screen.width - l)/2") + ",top=" + eval("(screen.height - h)/2");
var left = (screen.width - l)/2;
var top = (screen.height - h)/2;
var wfeatures = "directories=0,menubar=0,status=0,resizable=0,scrollbars=1,toolbar=0,width=" + l +",height=" + h + ",left=" + left + ",top=" + top;
fen=window.open(tmp,title,wfeatures);
return false;
}