Opened 9 years ago

Closed 9 years ago

#9913 closed bug (notabug)

Potential XSS Vulnerability in Jqueryui.js in version 1.10.3

Reported by: rakesh.harsh
Owned by:
Priority: minor
Milestone: none
Component: [meta] ui.dev
Version: 1.10.3
Keywords:
Cc:
Blocked by:
Blocking:

Description

Hello, I would like to report an XSS vulnerability that I've found on your js.

case 1. Code Snippet
File Name: jquery-ui.js
Line number: 7128
Object: text
Destination: append
Method:

    _renderItem: function( ul, item ) {
    ....
    7128. .append( $( "<a>" ).text( item.label ) )

case 2. Code Snippet
File Name: jquery-ui.js
Line number: 7129
Object: text
Destination: appendTo
Method:

    _renderItem: function( ul, item ) {
    ....
    .append( $( "<a>" ).text( item.label ) )
    .appendTo( ul );

case 3. Code Snippet
File Name: jquery-ui.js
Line number: 7129
Object: text
Destination: html
Method:

    content: function() { {
    ....
    ....
    return $( "<a>" ).text( title ).html();

Rakesh

Change History (1)

comment:1 Changed 9 years ago by Scott González

Resolution: notabug
Status: new → closed

This is not an XSS vulnerability. We explicitly use .text() to avoid that.
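
Why the three reported lines are not markup sinks, as an added example that is not part of the ticket or of jQuery UI's code: a DOM-free JavaScript model of what `.text()` followed by `.append()`, `.appendTo()` or `.html()` serializes to. The function names, the `.html( label )` contrast case and the sample label are constructed for illustration.

```javascript
// escapeText follows the HTML fragment serialization rule for Text nodes,
// which is what innerHTML / jQuery .html() returns for content set via .text().
function escapeText(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Cases 1 and 2: .append( $( "<a>" ).text( item.label ) ).appendTo( ul )
// The label becomes a single Text node, so the list item serializes as:
function renderItemWithText(label) {
  return "<li><a>" + escapeText(label) + "</a></li>";
}

// Case 3: $( "<a>" ).text( title ).html() returns the escaped title.
// Quotes are not escaped, so this is safe as element content,
// not as an attribute value.
function titleContent(title) {
  return escapeText(title);
}

// Contrast (hypothetical, not in jquery-ui.js): passing the label to
// .html( label ) hands it to the HTML parser unescaped.
function renderItemWithHtml(label) {
  return "<li><a>" + label + "</a></li>";
}

// List the start tags an HTML parser would see in a serialized fragment.
function startTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).map(function (t) {
    return t.replace(/^<([a-zA-Z0-9]+)[\s\S]*$/, "$1").toLowerCase();
  });
}

// Constructed sample label containing markup.
var label = 'Tom & "Jerry" <img src=x onerror=alert(1)>';
console.log(titleContent(label));
console.log(startTags(renderItemWithText(label))); // only li and a
console.log(startTags(renderItemWithHtml(label))); // li, a and img
```

When triaging a scanner finding of this shape, the thing to check is whether the untrusted value enters the chain through `.text( value )` or is passed directly to `.html()`, `.append()` or a string concatenation.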
