sanitize template option for tooltip/popover plugins (!28236) · Merge requests · Bootstrap / bootstrap

Merged Administrator requested to merge v4-dev-jo-sanitize into v4-dev Feb 11, 2019

Created by: Johann-S

XSS was possible in the tooltip or popover data-template, data-content and data-title attributes.

Fixes CVE-2019-8331.