Opened 9 years ago
Closed 9 years ago
#9913 closed bug (notabug)
Potential XSS Vulnerability in Jqueryui.js in version 1.10.3
| Reported by: | rakesh.harsh | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | none |
| Component: | [meta] ui.dev | Version: | 1.10.3 |
| Keywords: | | Cc: | |
| Blocked by: | | Blocking: | |

Description
Hello, I would like to report an XSS vulnerability that I've found on your js.

case 1. Code Snippet
File Name: jquery-ui.js
line number: 7128
Object: text
Destination: append
Method: _renderItem: function( ul, item ) { ....
7128. .append( $( "<a>" ).text( item.label ) )

case 2. Code Snippet
File Name: jquery-ui.js
line number: 7129
Object: text
Destination: appendTo
Method: _renderItem: function( ul, item ) { ....
- .append( $( "<a>" ).text( item.label ) )
- .appendTo( ul );

case 3. Code Snippet
File Name: jquery-ui.js
line number: 7129
Object: text
Destination: html
Method: content: function() { { .... ....
- return $( "<a>" ).text( title ).html();

Rakesh
This is not an XSS vulnerability. We explicitly use .text() to avoid that.
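
Why `.text()` makes the three flagged lines safe, shown as an added example that is not part of the ticket or of jQuery UI. `El` is a hypothetical browser-free stand-in for a jQuery-wrapped element, the wrapper element elided in the ticket is left out, and the label is a constructed sample.

```javascript
// Added example: a browser-free model of what .text() and .html() do.
// El is a hypothetical stand-in for a jQuery-wrapped element, not jQuery itself.

// Text-node serialization per the HTML Standard ("escaping a string",
// non-attribute mode): &, U+00A0, < and > are the only characters replaced.
function serializeText(data) {
  return data
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

class El {
  constructor(tag) { this.tag = tag; this.children = []; }
  // .text(value): the value becomes one text node; it is never parsed as markup.
  text(value) { this.children = [String(value)]; return this; }
  // .append(el): attach an already-built element.
  append(el) { this.children.push(el); return this; }
  // .html() with no argument: serialize the children, like the innerHTML getter.
  html() {
    return this.children
      .map((c) => (typeof c === "string" ? serializeText(c) : c.outerHTML()))
      .join("");
  }
  outerHTML() { return `<${this.tag}>${this.html()}</${this.tag}>`; }
}

// Cases 1 and 2 from the ticket: the label goes through .text() before append.
function renderItem(ul, item) {
  ul.append(new El("a").text(item.label));
  return ul;
}

// Case 3 from the ticket: .text( title ).html() returns the escaped string.
function content(title) { return new El("a").text(title).html(); }

// The pattern a scanner should flag instead: input concatenated into markup.
function renderByConcat(label) { return "<a>" + label + "</a>"; }

// Start tags an HTML parser would see in a markup string.
function startTags(markup) {
  return [...markup.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1]);
}

const label = "<img src=x onerror=alert(1)> & co"; // constructed sample input
console.log(startTags(renderItem(new El("ul"), { label }).outerHTML()));
console.log(content(label));
console.log(startTags(renderByConcat(label)));
```

When triaging a finding like this one, the question is whether the value reaches the sink as a text node or as a markup string; only the second is parsed.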