fix xss vulnerabilities
bug: 15597152
bug: 15405607
Change-Id: I10582d5cd767b977fc2af0f2cf2642802feeffab
diff --git a/tools/droiddoc/templates-sdk/assets/js/docs.js b/tools/droiddoc/templates-sdk/assets/js/docs.js
index fb9f5b2..95a713a 100644
--- a/tools/droiddoc/templates-sdk/assets/js/docs.js
+++ b/tools/droiddoc/templates-sdk/assets/js/docs.js
@@ -2538,14 +2538,14 @@
/* Adjust the scroll position to account for sticky header, only if the hash matches an id */
function offsetScrollForSticky() {
- var hash = location.hash;
- var $matchingElement = $(hash);
+ var hash = escape(location.hash.substr(1));
+ var $matchingElement = $("#"+hash);
// If there's no element with the hash as an ID, then look for an <a name=''> with it.
if ($matchingElement.length < 1) {
- $matchingElement = $('a[name="' + hash.substr(1) + '"]');
+ $matchingElement = $('a[name="' + hash + '"]');
}
- // Sanity check that hash is a real hash and that there's an element with that ID on the page
- if ((hash.indexOf("#") == 0) && $matchingElement.length) {
+ // Sanity check that there's an element with that ID on the page
+ if ($matchingElement.length) {
// If the position of the target element is near the top of the page (<20px, where we expect it
// to be because we need to move it down 60px to become in view), then move it down 60px
if (Math.abs($matchingElement.offset().top - $(window).scrollTop()) < 20) {