From 3b77ab5a01f1c3297bed32d9c7fac68a61bf3d20 Mon Sep 17 00:00:00 2001
From: "smain@google.com"
Date: Tue, 17 Jun 2014 11:57:27 -0700
Subject: [PATCH] fix xss vulnerabilities bug: 15597152 bug: 15405607
Change-Id: I10582d5cd767b977fc2af0f2cf2642802feeffab
---
 tools/droiddoc/templates-sdk/assets/js/docs.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/droiddoc/templates-sdk/assets/js/docs.js b/tools/droiddoc/templates-sdk/assets/js/docs.js
index fb9f5b24fd..95a713a22d 100644
--- a/tools/droiddoc/templates-sdk/assets/js/docs.js
+++ b/tools/droiddoc/templates-sdk/assets/js/docs.js
@@ -2538,14 +2538,14 @@ google.setOnLoadCallback(function(){
 
 /* Adjust the scroll position to account for sticky header, only if the hash matches an id */
 function offsetScrollForSticky() {
- var hash = location.hash;
- var $matchingElement = $(hash);
+ var hash = escape(location.hash.substr(1));
+ var $matchingElement = $("#"+hash);
 // If there's no element with the hash as an ID, then look for an with it.
 if ($matchingElement.length < 1) {
- $matchingElement = $('a[name="' + hash.substr(1) + '"]');
+ $matchingElement = $('a[name="' + hash + '"]');
 }
- // Sanity check that hash is a real hash and that there's an element with that ID on the page
- if ((hash.indexOf("#") == 0) && $matchingElement.length) {
+ // Sanity check that there's an element with that ID on the page
+ if ($matchingElement.length) {
 // If the position of the target element is near the top of the page (<20px, where we expect it
 // to be because we need to move it down 60px to become in view), then move it down 60px
 if (Math.abs($matchingElement.offset().top - $(window).scrollTop()) < 20) {
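Review bot: `escape()` on the first added line is a URL encoder, not a selector escaper, so the value concatenated into `$("#"+hash)` and `$('a[name="' + hash + '"]')` is still parsed by jQuery as selector syntax. It does keep markup characters such as `<` and `"` out of the string, but it leaves `.`, `*`, `+` and `/` untouched and rewrites everything else as `%XX`, so a fragment containing those characters will presumably either be rejected by the selector engine or fail to match the id it names. Looking the fragment up through the DOM avoids parsing it at all: `var hash = location.hash.substr(1);` followed by `var $matchingElement = $(document.getElementById(hash) || document.getElementsByName(hash)[0]);`, which also replaces the separate `a[name=...]` fallback (note it matches any named element, not only anchors). The body of offsetScrollForSticky continues past the end of the hunk, so the remaining uses of `$matchingElement` should be checked against an empty set.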