
#8056 closed bug (notabug)

Opened January 25, 2012 10:40AM UTC

Closed January 25, 2012 12:59PM UTC

Last modified January 25, 2012 02:00PM UTC

XSS Vulnerability in selectmenu plugin

Reported by: gsejourne
Owned by:
Priority: minor
Milestone: 1.9.0
Component: ui.widget
Version: 1.8.17
Keywords:
Cc:
Blocked by:
Blocking:
Description

Impacted Versions & components

Found on selectmenu plugin (http://wiki.jqueryui.com/w/page/12138056/Selectmenu),

on version 1.9 of the plugin (version of jQuery irrelevant here).

XSS vulnerability in the way the selectmenu plugin writes the selectmenu elements:

Observed Result

Test case on http://jsfiddle.net/zLUmC/

Suggested Fix

Line 284 of jquery.ui.selectmenu.js v1.9:

Replace

 text: self._formatText(opt.text()),

By:

 text: self._formatText(opt.html()),

Misc

The **escapeHtml** global option set to the selectmenu widget should typically handle this kind of escape, so that's probably something that needs to be extended.
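The report describes two things: option labels are read as plain text (opt.text()) and then written back into the menu as markup, and an escapeHtml widget option is supposed to neutralise that. The following is an added example, not jQuery UI's selectmenu code: it stands in for the label formatter and menu item writer with hypothetical functions (formatText, renderMenuItem, renderMenu) and constructed sample labels, so the effect of the escapeHtml option on a label that happens to look like markup can be checked offline without a DOM.

```javascript
// Added example (not jQuery UI's own code). It shows why a label that is read
// as plain text must be escaped before it is concatenated into an HTML string,
// and how an escapeHtml-style widget option can supply that step.

// Minimal HTML escaper, safe for text content and double-quoted attributes.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hypothetical stand-in for the widget's _formatText: opts.escapeHtml decides
// whether the label is treated as data (escaped) or as trusted markup.
function formatText(text, opts) {
  return opts && opts.escapeHtml ? escapeHtml(text) : String(text);
}

// Hypothetical stand-in for the menu item writer. The label ends up inside an
// HTML string that a widget would hand to .html()/innerHTML, so anything in the
// label that looks like a tag becomes live markup unless it was escaped first.
function renderMenuItem(optionText, opts) {
  return '<li><a href="#">' + formatText(optionText, opts) + "</a></li>";
}

function renderMenu(labels, opts) {
  return "<ul>" + labels.map((l) => renderMenuItem(l, opts)).join("") + "</ul>";
}

// Constructed sample labels (as opt.text() would return them). The second one
// contains characters that are significant in HTML but harmless as text.
const LABELS = ["Plain option", 'Size <b>L</b> & "wide"'];

// Simple check a test suite could run against rendered widget markup: does any
// label's tag-like text survive unescaped in the output?
function leaksRawTags(html, labels) {
  return labels.some((l) => /<[a-z]/i.test(l) && html.indexOf(l) !== -1);
}

// Demonstration when run directly: the unescaped rendering carries the label's
// <b> tag through as markup; the escaped rendering turns it into &lt;b&gt;.
if (typeof require !== "undefined" && require.main === module) {
  console.log("escapeHtml:false ->", renderMenu(LABELS, { escapeHtml: false }));
  console.log("escapeHtml:true  ->", renderMenu(LABELS, { escapeHtml: true }));
}
```

The escaping has to happen at the point where the text is turned into markup; reading the label back in an already-serialised form (as the suggested fix does with opt.html(), where the browser has encoded the text node's <, > and &) is equivalent for text nodes, but a single formatter that honours escapeHtml is easier to audit because every write path goes through it.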

Change History (3)

Changed January 25, 2012 12:59PM UTC by scottgonzalez comment:1

resolution: → invalid
status: new → closed

Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346

Changed January 25, 2012 01:58PM UTC by gsejourne comment:2

Replying to [comment:1 scott.gonzalez]:

Moved to planning wiki, where we discuss unreleased plugins. http://wiki.jqueryui.com/w/page/12138056/Selectmenu#comment1327496346

Thanks, but I clicked "Report a bug" from that wiki page... which led me here.

Any place to track this issue now?

Changed January 25, 2012 02:00PM UTC by scottgonzalez comment:3

According to Felix, this issue doesn't exist in the official repo (the method you refer to doesn't even exist).