Security: jQuery ajaxConvert cross-domain script mitigation (CVE-2015-9251)

Backport upstream jQuery gh-2432 logic in bundled DataTables/jQuery:
skip inferred script conversion for cross-domain ajax responses.

Refs: 2546bb35b8
Made-with: Cursor
navnitan-7
2026-03-31 02:08:15 +05:30
parent d17256cff6
commit 8b80a6d59c


@@ -9059,6 +9059,11 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
// Convert response if prev dataType is non-auto and differs from current
} else if ( prev !== "*" && prev !== current ) {
// Mitigate possible XSS vulnerability (gh-2432)
if ( s.crossDomain && current === "script" ) {
continue;
}
// Seek a direct converter
conv = converters[ prev + " " + current ] || converters[ "* " + current ];
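Review bot: The `continue` in the added guard skips the text→script converter but leaves `current` equal to "script", so the enclosing `while` loop (which starts and ends outside this hunk) presumably re-enters with `prev = "script"` and, once the dataTypes run out, hands the unexecuted text to the caller as a successful "script" result rather than as text. Upstream gh-2432 took a different route — an ajaxPrefilter setting `s.contents.script = false` when `s.crossDomain` — which stops the type from being inferred in the first place and lets the response keep its real type; that is worth noting because the commit description says "inferred", while `s.crossDomain && current === "script"` also fires for an explicitly requested dataType that reaches this converter path. Whichever behavior is intended, the added comment should say what the guard does to the response rather than only citing the issue, e.g. `// Mitigate possible XSS vulnerability (gh-2432): a cross-domain response is never run through the text->script converter (globalEval); it is handed on unconverted`.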