[Pkg-javascript-devel] Bug#928515: libjs-bootstrap-tour: Bootstrap sanitize breaks buttons in bootstrap-tour
Karsten Koop
kkoop at ld-didactic.de
Mon May 6 15:15:28 BST 2019
Package: libjs-bootstrap-tour
Version: 0.11.0+dfsg-1
Severity: normal
Tags: patch
Dear Maintainer,
A recent security update to Bootstrap 3 (for CVE-2019-8331) brakes bootstrap-tour, because the sanitation removes the next/prev buttons
from the popover. A workaround is passing 'sanitize:false' option to popover(), see attached patch.
-- System Information:
Debian Release: 9.9
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-0.bpo.4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libjs-bootstrap-tour depends on:
ii libjs-bootstrap 3.3.7+dfsg-2+deb9u2
ii libjs-jquery 3.1.1-2+deb9u1
libjs-bootstrap-tour recommends no packages.
libjs-bootstrap-tour suggests no packages.
-- no debconf information
-------------- next part --------------
diff -uprN node-bootstrap-tour-0.11.0+dfsg/src/coffee/bootstrap-tour.coffee node-bootstrap-tour-0.11.0+dfsg-patched/src/coffee/bootstrap-tour.coffee
--- node-bootstrap-tour-0.11.0+dfsg/src/coffee/bootstrap-tour.coffee 2016-08-06 08:05:19.000000000 +0200
+++ node-bootstrap-tour-0.11.0+dfsg-patched/src/coffee/bootstrap-tour.coffee 2019-05-06 15:56:18.083204254 +0200
@@ -518,6 +518,7 @@
title: step.title
content: step.content
html: true
+ sanitize: false
animation: step.animation
container: step.container
template: step.template
More information about the Pkg-javascript-devel
mailing list