change tooltip/popover html default to false for xss safety net

fat · fat · commit 003fcccceb86 · 2012-09-24T23:15:36.000-07:00
diff --git a/docs/assets/js/bootstrap-tooltip.js b/docs/assets/js/bootstrap-tooltip.js
@@ -269,7 +269,7 @@
   , trigger: 'hover'
   , title: ''
   , delay: 0
-  , html: true
+  , html: false
   }
 
 }(window.jQuery);
diff --git a/docs/assets/js/bootstrap.js b/docs/assets/js/bootstrap.js
@@ -1231,7 +1231,7 @@
   , trigger: 'hover'
   , title: ''
   , delay: 0
-  , html: true
+  , html: false
   }
 
 }(window.jQuery);
diff --git a/docs/assets/js/bootstrap.min.js b/docs/assets/js/bootstrap.min.js
diff --git a/js/bootstrap-tooltip.js b/js/bootstrap-tooltip.js
@@ -269,7 +269,7 @@
   , trigger: 'hover'
   , title: ''
   , delay: 0
-  , html: true
+  , html: false
   }
 
 }(window.jQuery);
diff --git a/js/tests/unit/bootstrap-tooltip.js b/js/tests/unit/bootstrap-tooltip.js
@@ -37,10 +37,11 @@ $(function () {
         tooltip.tooltip('hide')
       })
 
-      test("should always allow html entities", function () {
+      test("should allow html entities", function () {
         $.support.transition = false
         var tooltip = $('<a href="#" rel="tooltip" title="<b>@fat</b>"></a>')
           .appendTo('#qunit-fixture')
+          .tooltip({html: true})
           .tooltip('show')
 
         ok($('.tooltip b').length, 'b tag was inserted')
