JQuery Tooltip Cross Site Scripting

Posted on 29 August 2012

/* Author: Claudio Contin XSS bug on http://www.jquerytools.org/ tooltip component */ Tooltip component doesn't sanitize html passed to the 'title' element, even though the html is already sanitized before been passed to tooltip class. Cross site scripting is possible if user has control of the input passed to tooltip.