#8056 closed bug (notabug)
XSS Vulnerability in selectmenu plugin
| Reported by: | gsejourne | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.9.0 |
| Component: | ui.widget | Version: | 1.8.17 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Impacted Versions & components
Found on selectmenu plugin (http://wiki.jqueryui.com/w/page/12138056/Selectmenu), on version 1.9 of the plugin (version of jquery unrelevant here).
XSS vulnerability on the way the selectmenu plugin writes the selectmenu elements:
Observed Result
Test case on http://jsfiddle.net/zLUmC/
Suggested Fix
Line 284 of jquery.ui.selectmenu.js v1.9:
Replace
text: self._formatText(opt.text()),
By:
text: self._formatText(opt.html()),
Misc
The escapeHtml global option set to the selectmenu widget should typically handle this kind of escape, so that's probably something that needs to be extended.
Change History (3)
comment:1 follow-up: 2 Changed 9 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 Changed 9 years ago by
Replying to scott.gonzalez:
Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346
Thanks, but I clicked "Report a bug" from that wiki page... which led me here. Any place to track this issue now ?
comment:3 Changed 9 years ago by
According to Felix, this issue doesn't exist in the official repo (the method you refer to doesn't even exist).
Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346