FCLT#54923 CVE-2015-9251; XSS prevented in jQuery 2.2.4

svn path=/Website/trunk/; revision=39355
2018-10-11 12:00:41 +00:00
parent 4890c30325
commit 021148fe1d
2 changed files with 8 additions and 1 deletions
--- a/APPL/Localscripts/jquery.mobile.min.js
+++ b/APPL/Localscripts/jquery.mobile.min.js
--- a/APPL/PDA/mobile.js
+++ b/APPL/PDA/mobile.js
@@ -8,6 +8,14 @@

 window.fcltmobile = 1;

+// Fix voor CVE-2015-9251 in jQuery 2.2.4 (FCLT#54923)
+// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
+jQuery.ajaxPrefilter( function( s ) {
+	if ( s.crossDomain ) {
+		s.contents.script = false;
+	}
+} );
+
 $(document).bind("mobileinit", function() {

 // Enhancement to use history.replaceState in supported browsers,