Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#8056 closed bug (notabug)

XSS Vulnerability in selectmenu plugin

Reported by: gsejourne
Owned by: (none)
Priority: minor
Milestone: 1.9.0
Component: ui.widget
Version: 1.8.17
Keywords: (none)
Cc: (none)
Blocked by: (none)
Blocking: (none)

Description

Impacted Versions & components

Found on the selectmenu plugin (http://wiki.jqueryui.com/w/page/12138056/Selectmenu), on version 1.9 of the plugin (the version of jQuery is irrelevant here).

XSS vulnerability in the way the selectmenu plugin writes the selectmenu elements:

Observed Result

Test case on http://jsfiddle.net/zLUmC/

Suggested Fix

Line 284 of jquery.ui.selectmenu.js v1.9:

Replace

 text: self._formatText(opt.text()),

By:

 text: self._formatText(opt.html()),

Misc

The escapeHtml global option set to the selectmenu widget should typically handle this kind of escape, so that's probably something that needs to be extended.
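The report contrasts two ways of reading an option's label and writing it back into the menu as HTML. The following is an added example, not jQuery UI's code (and comment 3 below notes the referenced method is not in the official repo): it models an option whose source markup is entity-encoded, so `.text()` returns the decoded string while `.html()` returns the serialized form, and shows that writing the decoded string back as HTML turns it into markup unless it is escaped at the point of insertion. `makeOption`, `buildMenuItemHtml` and `containsInjectedMarkup` are constructed stand-ins for the DOM and widget code.

```javascript
// Added example (not jQuery UI code). Models the two data flows the ticket
// describes without a DOM: an <option> whose markup is "&lt;b&gt;x&lt;/b&gt;"
// yields "<b>x</b>" from .text() (entities decoded) and the original
// "&lt;b&gt;x&lt;/b&gt;" from .html(). If the widget reads .text() and writes
// it back as HTML, the decoded string is parsed as markup; escaping at the
// point of insertion (what an escapeHtml option should do) prevents that.

const ENTITY_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a string so it is rendered as literal text when written as HTML.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// Decode the entities escapeHtml produces. Models what .text() returns for
// an option whose markup is entity-encoded; "&amp;" is decoded last so that
// "&amp;lt;" does not turn into "<".
function decodeEntities(s) {
  return String(s)
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// Constructed stand-in for a jQuery-wrapped <option> element (assumption).
function makeOption(innerHtml) {
  return {
    html: () => innerHtml,                 // jQuery .html(): serialized markup
    text: () => decodeEntities(innerHtml), // jQuery .text(): decoded text
  };
}

// Constructed model of the menu-item construction the ticket describes.
// `source` is which accessor the widget reads ("text" or "html"); `escape`
// is whether an escapeHtml option is honoured before writing the string as HTML.
function buildMenuItemHtml(opt, { source, escape }) {
  const raw = source === "text" ? opt.text() : opt.html();
  const body = escape ? escapeHtml(raw) : raw;
  return `<li><a href="#">${body}</a></li>`;
}

// Detection helper: true if the option content became a tag inside the
// widget's own <li><a> wrapper, i.e. markup was injected into the menu.
function containsInjectedMarkup(fragment) {
  const inner = fragment
    .replace(/^<li><a href="#">/, "")
    .replace(/<\/a><\/li>$/, "");
  return /<[a-zA-Z/]/.test(inner);
}

// Constructed sample: an option label that is literally "<b>x</b>" in the page.
const sampleOption = makeOption("&lt;b&gt;x&lt;/b&gt;");
const unsafe = buildMenuItemHtml(sampleOption, { source: "text", escape: false });
const safeByEscape = buildMenuItemHtml(sampleOption, { source: "text", escape: true });
const safeByHtml = buildMenuItemHtml(sampleOption, { source: "html", escape: false });
console.log("text() unescaped ->", unsafe, containsInjectedMarkup(unsafe));
console.log("text() escaped   ->", safeByEscape, containsInjectedMarkup(safeByEscape));
console.log("html() raw       ->", safeByHtml, containsInjectedMarkup(safeByHtml));
```

The two safe variants produce the same fragment, which is why the report's suggested `opt.html()` swap works: it keeps the browser's own serialization intact. Applying `escapeHtml` on top of `.html()` output would double-encode and show the user a literal `&lt;b&gt;`, so a widget should pick one of the two pairings (`.text()` plus escape on insertion, or `.html()` without further escaping) and apply it consistently.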

Change History (3)

comment:1 Changed 9 years ago by Scott González

Resolution: invalid
Status: new → closed

Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346

comment:2 in reply to: 1 Changed 9 years ago by gsejourne

Replying to scott.gonzalez:

Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346

Thanks, but I clicked "Report a bug" from that wiki page... which led me here. Any place to track this issue now?

comment:3 Changed 9 years ago by Scott González

According to Felix, this issue doesn't exist in the official repo (the method you refer to doesn't even exist).
