From: Matthias Schmidt <gravatronics@live.com>
Date: Sun, 10 Jul 2016 12:36:55 +0000 (+0200)
Subject: Properly handle script tags in dialog content
X-Git-Tag: 3.0.0_Beta_1~1226
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0b9fb2ed427ec2a082b270a73976ca3f512b35b0;p=GitHub%2FWoltLab%2FWCF.git

Properly handle script tags in dialog content
---

diff --git a/wcfsetup/install/files/js/WoltLab/WCF/Ui/Dialog.js b/wcfsetup/install/files/js/WoltLab/WCF/Ui/Dialog.js
index c98dfcd9e9..373b79af8d 100644
--- a/wcfsetup/install/files/js/WoltLab/WCF/Ui/Dialog.js
+++ b/wcfsetup/install/files/js/WoltLab/WCF/Ui/Dialog.js
@@ -157,7 +157,7 @@ define(
 				if (typeof setupData.source === 'string') {
 					var dialogElement = elCreate('div');
 					elAttr(dialogElement, 'id', setupData.id);
-					dialogElement.innerHTML = setupData.source;
+					DomUtil.setInnerHtml(dialogElement, setupData.source);
 					
 					setupData.source = document.createDocumentFragment();
 					setupData.source.appendChild(dialogElement);
@@ -306,7 +306,7 @@ define(
 				if (typeof html === 'string') {
 					content = elCreate('div');
 					content.id = id;
-					content.innerHTML = html;
+					DomUtil.setInnerHtml(content, html);
 				}
 				else if (html instanceof DocumentFragment) {
 					if (html.children[0].nodeName !== 'div' || html.childElementCount > 1) {
@@ -366,17 +366,7 @@ define(
 				data.content.innerHTML = '';
 				
 				var content = elCreate('div');
-				content.innerHTML = html;
-				
-				var scripts = elBySelAll('script', content);
-				for (var i = 0, length = scripts.length; i < length; i++) {
-					var script = scripts[i];
-					var newScript = elCreate('script');
-					newScript.innerHTML = script.innerHTML;
-					content.appendChild(newScript);
-					
-					elRemove(script);
-				}
+				DomUtil.setInnerHtml(content, html);
 				
 				data.content.appendChild(content);
 			}