Search and Top Navigation
#7272 closed bug (worksforme)
Opened April 20, 2011 03:56AM UTC
Closed May 16, 2011 01:15PM UTC
Combobox demo: XSS vulnerability
| Reported by: | plentz | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.9.0 |
| Component: | ui.autocomplete | Version: | 1.8.11 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
The values of the select options should be treated as text, not html.
Attachments (0)
Change History (3)
Changed May 03, 2011 12:36PM UTC by comment:1
| description: | If the elements of the combobox contains any xss, it will be executed when the user try to filter its elements. \ \ github pullrequest https://github.com/jquery/jquery-ui/pull/158 \ github commit https://github.com/plentz/jquery-ui/commit/aaa51190ad949c99228f425bbd2bad115977e7b0 → The values of the select options should be treated as text, not html. |
|---|---|
| status: | new → open |
| summary: | Autocomplete-combobox has a serious xss vulnerability → Combobox demo: XSS vulnerability |
Changed May 13, 2011 11:11PM UTC by comment:2
This looks fixed already.
Changed May 16, 2011 01:15PM UTC by comment:3
| resolution: | → worksforme |
|---|---|
| status: | open → closed |
This actually doesn't seem to have been a problem.