Search and Top Navigation
#8056 closed bug (notabug)
Opened January 25, 2012 10:40AM UTC
Closed January 25, 2012 12:59PM UTC
Last modified January 25, 2012 02:00PM UTC
XSS Vulnerability in selectmenu plugin
| Reported by: | gsejourne | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.9.0 |
| Component: | ui.widget | Version: | 1.8.17 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Impacted Versions & components
Found on selectmenu plugin (http://wiki.jqueryui.com/w/page/12138056/Selectmenu),
on version 1.9 of the plugin (version of jquery unrelevant here).
XSS vulnerability on the way the selectmenu plugin writes the selectmenu elements:
Observed Result
Test case on http://jsfiddle.net/zLUmC/
Suggested Fix
Line 284 of jquery.ui.selectmenu.js v1.9:
Replace
text: self._formatText(opt.text()),
By:
text: self._formatText(opt.html()),
Misc
The **escapeHtml** global option set to the selectmenu widget should typically handle this kind of escape, so that's probably something that needs to be extended.
Attachments (0)
Change History (3)
Changed January 25, 2012 12:59PM UTC by comment:1
| resolution: | → invalid |
|---|---|
| status: | new → closed |
Changed January 25, 2012 01:58PM UTC by comment:2
Replying to [comment:1 scott.gonzalez]:
Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346
Thanks, but I clicked "Report a bug" from that wiki page... which led me here.
Any place to track this issue now ?
Changed January 25, 2012 02:00PM UTC by comment:3
According to Felix, this issue doesn't exist in the official repo (the method you refer to doesn't even exist).
Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346