#9913 closed bug (notabug)

Opened March 11, 2014 02:02PM UTC

Closed March 11, 2014 02:27PM UTC

Potential XSS Vulnerability in Jqueryui.js in version 1.10.3

Reported by: rakesh.harsh
Owned by:
Priority: minor
Milestone: none
Component: [meta] ui.dev
Version: 1.10.3
Keywords:
Cc:
Blocked by:
Blocking:
Description

Hello, I would like to report an XSS vulnerability that I've found on your js.

case 1. Code Snippet

File Name jquery-ui.js

line number :7128

Object : text

Destination : append

Method _renderItem: function( ul, item ) {

....

7128. .append( $( "<a>" ).text( item.label ) )

case 2. Code Snippet

File Name jquery-ui.js

line number :7129

Object : text

Destination : appendTo

Method _renderItem: function( ul, item ) {

....

7128. .append( $( "<a>" ).text( item.label ) )

7129. .appendTo( ul );

case 3. Code Snippet

File Name jquery-ui.js

line number :7129

Object : text

Destination : html

Method content: function() {

....

....

14654. return $( "<a>" ).text( title ).html();

Rakesh

Attachments (0)
Change History (1)

Changed March 11, 2014 02:27PM UTC by scottgonzalez comment:1

resolution: → notabug
status: new → closed

This is not an XSS vulnerability. We explicitly use .text() to avoid that.
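
Added example (not part of the ticket and not jQuery UI's own code): a DOM-free JavaScript model of the `.text( value ).html()` round trip flagged in case 3, using the HTML text-node serialization rules, next to a string-concatenation variant for contrast. The function names and the sample labels are assumptions made for this illustration.

```javascript
// Model of $( "<a>" ).text( value ).html():
// .text() stores the value as one text node (nothing is parsed as HTML), and
// .html() serializes that text node with the HTML "escaping a string" rules.
// Browser equivalent: a = document.createElement("a"); a.textContent = value; a.innerHTML
function textThenHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")       // first, so the entities added below are not re-escaped
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
  // Quotes are left untouched: the result is safe as element content,
  // but must not be pasted into an attribute value.
}

// Hypothetical check: would an HTML parser see a tag, comment or
// declaration start anywhere in this string?
function containsMarkup(html) {
  return /<[a-zA-Z\/!?]/.test(html);
}

// The pattern the reported lines avoid: concatenating the raw label into markup.
function concatAnchor(label) {
  return "<a>" + label + "</a>";
}

// Same anchor built the way the reported lines do it (label goes through text()).
function textAnchor(label) {
  return "<a>" + textThenHtml(label) + "</a>";
}

// Constructed sample labels (not taken from the ticket).
const sampleLabels = ['<b>Tom & "Jerry"</b>', "plain label", "a\u00a0b", "&lt;already&gt;"];

// Report, per label, whether markup survives each construction.
function audit(labels) {
  return labels.map((label) => ({
    label,
    viaText: textAnchor(label),
    // strip the wrapper <a>…</a> we added ourselves before checking
    markupViaText: containsMarkup(textAnchor(label).slice(3, -4)),
    markupViaConcat: containsMarkup(concatAnchor(label).slice(3, -4)),
  }));
}

console.log(audit(sampleLabels));
```
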