| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-27 12:59:40 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-29 17:17:14 +0100 |
| commit | e02be2d02c37e5cebefb7219a7006a2de5dcc4f3 (patch) | |
| tree | 6c94b8bd9441de1b39220526fdb335893be5af2b | |
| parent | c1037932a87ff82607fe82ef061f65e916119c7d (diff) | |
| download | Ishtar-e02be2d02c37e5cebefb7219a7006a2de5dcc4f3.tar.bz2 Ishtar-e02be2d02c37e5cebefb7219a7006a2de5dcc4f3.zip | |
🔒️ fix security issue for jQuery CVE-2015-9251
https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
| -rw-r--r-- | ishtar_common/static/js/ishtar.js | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ishtar_common/static/js/ishtar.js b/ishtar_common/static/js/ishtar.js
index 7ab6f7d1b..c5ef0aea9 100644
--- a/ishtar_common/static/js/ishtar.js
+++ b/ishtar_common/static/js/ishtar.js
@@ -23,10 +23,18 @@ beforeSend: function(xhr, settings) {
 }
 }});
 
+/* CVE-2020-11022 */
 jQuery.htmlPrefilter = function(html) {
 return html;
 };
 
+/* CVE-2015-9251 */
+jQuery.ajaxPrefilter(function(s) {
+ if ( s.crossDomain ) {
+ s.contents.script = false;
+ }
+});
+
 if (typeof String.prototype.endsWith !== 'function') {
 String.prototype.endsWith = function(suffix) {
 return this.indexOf(suffix, this.length - suffix.length) !== -1; |
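Review bot: The two added comments carry only a CVE id, so a later maintainer cannot tell what each workaround does or when it may be dropped. For the new prefilter I would write `/* CVE-2015-9251: never auto-evaluate a cross-domain response as script unless dataType "script" is requested explicitly; backport of jquery/jquery f60729f, remove once the bundled jQuery is >= 3.0 */`, and extend the `/* CVE-2020-11022 */` comment in the same way to say that the identity `htmlPrefilter` stops jQuery from rewriting self-closing tags in HTML passed to manipulation methods. The guard is installed from `ishtar.js`, so it presumably protects only pages that load this file after jQuery and only requests issued after it has run; it is worth confirming that no template uses jQuery AJAX without it. Upgrading the bundled jQuery remains the durable fix for both issues.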
