🔒️ fix security issue for jQuery CVE-2019-11358

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
author: Étienne Loks <etienne.loks@iggdrasil.net> 2025-11-27 16:13:05 +0100
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2025-11-29 17:18:04 +0100
commit: 845271fb1d0ffe1717c21b36b1507c216dee0337 (patch)
tree: 739d9efe7cef3f1646f606bc46aa4a7d98648b0c /ishtar_common/static
parent: e02be2d02c37e5cebefb7219a7006a2de5dcc4f3 (diff)
download: Ishtar-845271fb1d0ffe1717c21b36b1507c216dee0337.tar.bz2
Ishtar-845271fb1d0ffe1717c21b36b1507c216dee0337.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ishtar_common/static/js/jquery.js b/ishtar_common/static/js/jquery.js
index 7fc60fca7..ec2f79ff9 100644
--- a/ishtar_common/static/js/jquery.js
+++ b/ishtar_common/static/js/jquery.js
@@ -209,8 +209,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 				src = target[ name ];
 				copy = options[ name ];
 
+				// Prevent Object.prototype pollution
 				// Prevent never-ending loop
-				if ( target === copy ) {
+				if ( name === "__proto__" || target === copy ) {
 					continue;
 				}
author	Étienne Loks <etienne.loks@iggdrasil.net>	2025-11-27 16:13:05 +0100
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2025-11-29 17:18:04 +0100
commit	845271fb1d0ffe1717c21b36b1507c216dee0337 (patch)
tree	739d9efe7cef3f1646f606bc46aa4a7d98648b0c /ishtar_common/static
parent	e02be2d02c37e5cebefb7219a7006a2de5dcc4f3 (diff)
download	Ishtar-845271fb1d0ffe1717c21b36b1507c216dee0337.tar.bz2 Ishtar-845271fb1d0ffe1717c21b36b1507c216dee0337.zip