🔒️ fix security issue for jQuery CVE-2015-9251

https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
author: Étienne Loks <etienne.loks@iggdrasil.net> 2025-11-27 12:59:40 +0100
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2025-11-27 16:08:53 +0100
commit: 33c435052bd891ccb54b71b978a8b919d28f0ce1 (patch)
tree: 7b88a5aaf720db4370fb8679a89afb4ba586dc0d /ishtar_common
parent: 10171095b926e178e0467578349d96a579573d50 (diff)
download: Ishtar-33c435052bd891ccb54b71b978a8b919d28f0ce1.tar.bz2
Ishtar-33c435052bd891ccb54b71b978a8b919d28f0ce1.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/ishtar_common/static/js/ishtar.js b/ishtar_common/static/js/ishtar.js
index 28b32edf1..aba7cebac 100644
--- a/ishtar_common/static/js/ishtar.js
+++ b/ishtar_common/static/js/ishtar.js
@@ -23,10 +23,18 @@ beforeSend: function(xhr, settings) {
     }
 }});
 
+/* CVE-2020-11022 */
 jQuery.htmlPrefilter = function(html) {
     return html;
 };
 
+/* CVE-2015-9251 */
+jQuery.ajaxPrefilter(function(s) {
+    if ( s.crossDomain ) {
+        s.contents.script = false;
+    }
+});
+
 if (typeof String.prototype.endsWith !== 'function') {
     String.prototype.endsWith = function(suffix) {
         return this.indexOf(suffix, this.length - suffix.length) !== -1;
author	Étienne Loks <etienne.loks@iggdrasil.net>	2025-11-27 12:59:40 +0100
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2025-11-27 16:08:53 +0100
commit	33c435052bd891ccb54b71b978a8b919d28f0ce1 (patch)
tree	7b88a5aaf720db4370fb8679a89afb4ba586dc0d /ishtar_common
parent	10171095b926e178e0467578349d96a579573d50 (diff)
download	Ishtar-33c435052bd891ccb54b71b978a8b919d28f0ce1.tar.bz2 Ishtar-33c435052bd891ccb54b71b978a8b919d28f0ce1.zip