- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also install bootstrap.min.css.map as it is referenced from
bootstrap.min.css.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
other changes:
- Add a license file to bootstrap.mk
- Add a hash for the license file to bootstrap.hash
- Remove copying bootstrap-theme.min.css as it's no longer included.
- Remove copying fonts folder as it's no longer included.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Extended _EXTRACT_CMDS and _INSTALL_TARGET_CMDS to handle updated
internal zip structure:
$ unzip -l ../dl/bootstrap-3.3.1-dist.zip
Archive: ../dl/bootstrap-3.3.1-dist.zip
Length Date Time Name
--------- ---------- ----- ----
0 2014-11-12 18:03 dist/
0 2014-11-12 18:03 dist/css/
[...]
$ unzip -l ../dl/bootstrap-3.3.7-dist.zip
Archive: ../dl/bootstrap-3.3.7-dist.zip
Length Date Time Name
--------- ---------- ----- ----
0 2016-07-25 15:53 bootstrap-3.3.7-dist/css/
[...]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: better fix for the EXTRACT_CMDS, which consists in removing the
dist/ sub-directory.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add 'cp -dpfr' instead of a convuluted use of 'tar c' + 'tar
x' do not a copy.]
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
