id summary reporter owner description type status priority milestone component version resolution keywords cc blockedby blocking 15284 XSS Vulnerability on text options of jQuery UI datepicker andycyork "similar to https://github.com/jquery/api.jqueryui.com/issues/281 but applies to the datepicker\\ **to recreate**\\ Create a new HTML page.\\ Inject this content into new page:\\ {{{ XSS in options of datepicker

Date:

}}} \\ on load, alerts are shown for appendText & buttonText\\ after clicking the input control, alerts are shown for closeText, currentText, prevText & nextText\\ \\ The scripted alerts should not be shown - an attacker can take advantage of injecting malicious XSS content into website." bug new minor none ui.datepicker 1.12.1