Download as
Browse Code »

Commit 2d698f0ba030aacf5d1a56ee9f6e6f0675c88389

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 6e9b3b36
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Fix jquery xss issue

Showing 1 changed file with 2 additions and 1 deletions   Show diff stats
public/javascripts/jquery-latest.js
  Diff comments   View file @2d698f0
@@ -36,7 +36,8 @@ var jQuery = function( selector, context ) { @@ -36,7 +36,8 @@ var jQuery = function( selector, context ) {
36 36
37 // A simple way to check for HTML strings or ID strings 37 // A simple way to check for HTML strings or ID strings
38 // (both of which we optimize for) 38 // (both of which we optimize for)
39 - quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/, 39 + //fix xss: http://ma.la/jquery_xss/ http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
  40 + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,
40 41
41 // Check if a string has a non-whitespace character in it 42 // Check if a string has a non-whitespace character in it
42 rnotwhite = /\S/, 43 rnotwhite = /\S/,