diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-27 16:13:05 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-27 16:13:05 +0100 |
| commit | 8a6af740bc499d93211275aba9fef96a3b6c554c (patch) | |
| tree | 59cec968f97249fbb2d9eb10bf5b7b6431f79fc4 /ishtar_common | |
| parent | 33c435052bd891ccb54b71b978a8b919d28f0ce1 (diff) | |
| download | Ishtar-8a6af740bc499d93211275aba9fef96a3b6c554c.tar.bz2 Ishtar-8a6af740bc499d93211275aba9fef96a3b6c554c.zip | |
🔒️ fix security issue for jQuery CVE-2019-11358
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
Diffstat (limited to 'ishtar_common')
| -rw-r--r-- | ishtar_common/static/js/jquery.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ishtar_common/static/js/jquery.js b/ishtar_common/static/js/jquery.js index 7fc60fca7..ec2f79ff9 100644 --- a/ishtar_common/static/js/jquery.js +++ b/ishtar_common/static/js/jquery.js @@ -209,8 +209,9 @@ jQuery.extend = jQuery.fn.extend = function() { src = target[ name ]; copy = options[ name ]; + // Prevent Object.prototype pollution // Prevent never-ending loop - if ( target === copy ) { + if ( name === "__proto__" || target === copy ) { continue; } |