
Commit 230a3b6

committed
Security: avoid a DOM clobbering on document.currentScript
1 parent f64c840 commit 230a3b6


2 files changed

+6
-3
lines changed


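--- a/tarteaucitron.js
+++ b/tarteaucitron.js
@@ -1,8 +1,11 @@
 /*jslint browser: true, evil: true */
 /* min ready */
 
-var scripts = document.getElementsByTagName('script'),
-tarteaucitronPath = (document.currentScript || scripts[scripts.length - 1]).src.split('?')[0],
+var tarteaucitronScriptsDiscover = document.getElementsByTagName('script'),
+tarteaucitronCurrentScript = document.currentScript instanceof HTMLScriptElement
+? document.currentScript
+: tarteaucitronScriptsDiscover[tarteaucitronScriptsDiscover.length - 1],
+tarteaucitronPath = tarteaucitronCurrentScript.src.split('?')[0],
 tarteaucitronForceCDN = (tarteaucitronForceCDN === undefined) ? '' : tarteaucitronForceCDN,
 tarteaucitronUseMin = (tarteaucitronUseMin === undefined) ? '' : tarteaucitronUseMin,
 cdn = (tarteaucitronForceCDN === '') ? tarteaucitronPath.split('/').slice(0, -1).join('/') + '/' : tarteaucitronForceCDN,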
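Review bot: The fallback on new line 7 still takes its path from whichever `<script>` element is last in the document, so when `document.currentScript` fails the `instanceof HTMLScriptElement` test, the value that feeds `cdn` comes from an element nothing has verified to be this library's own tag. A failed type check on a non-null `document.currentScript` is itself a sign that the property is shadowed by a named element, so that case is better served by requiring `tarteaucitronForceCDN` (or refusing to derive a path) than by guessing positionally; the plain `null` case can keep the existing fallback. The reason for the check is also not recorded in the code; a comment such as `/* document.currentScript can be shadowed by a named element (DOM clobbering); trust it only when it is a real <script> */` above the declaration would keep it from being simplified back to `||`. The `var` statement continues past the end of the hunk, so how `cdn` is consumed is not visible here.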

tarteaucitron.min.js

Lines changed: 1 addition & 1 deletion
