From d292a41b1df0ed7c92a84109b24c0cf9bdc90c64 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Thu, 27 Nov 2025 16:13:05 +0100
Subject: 🔒️ fix security issue for jQuery CVE-2019-11358
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
---
 ishtar_common/static/js/jquery.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ishtar_common/static/js/jquery.js b/ishtar_common/static/js/jquery.js
index 7fc60fca7..ec2f79ff9 100644
--- a/ishtar_common/static/js/jquery.js
+++ b/ishtar_common/static/js/jquery.js
@@ -209,8 +209,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 				src = target[ name ];
 				copy = options[ name ];
 
+				// Prevent Object.prototype pollution
 				// Prevent never-ending loop
-				if ( target === copy ) {
+				if ( name === "__proto__" || target === copy ) {
 					continue;
 				}
 
-- 
cgit v1.2.3