From 3a63c3f39219186fa14c21f2b177d9fa75e3067d Mon Sep 17 00:00:00 2001
From: Andreas Gohr <gohr@cosmocode.de>
Date: Wed, 24 Feb 2016 10:59:50 +0100
Subject: [PATCH] clean up the onselect callback

This makes sure the provided callback is using alphanumerics only. I'm
not sure this is needed, but better safe than sorry.
---
 lib/scripts/media.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/scripts/media.js b/lib/scripts/media.js
index c52226eaa..dc0191d49 100644
--- a/lib/scripts/media.js
+++ b/lib/scripts/media.js
@@ -257,7 +257,7 @@ var dw_mediamanager = {
         edid = String.prototype.match.call(document.location, /&edid=([^&]+)/);
         edid = edid ? edid[1] : 'wiki__text';
         cb   = String.prototype.match.call(document.location, /&onselect=([^&]+)/);
-        cb   = cb ? cb[1] : 'dw_mediamanager_item_select';
+        cb   = cb ? cb[1].replace(/[^\w]+/, '') : 'dw_mediamanager_item_select';
 
         opener[cb](edid, id, opts, dw_mediamanager.align);
         if(!dw_mediamanager.keepopen) {
-- 
GitLab