Fix for CVE-2015-9251 in JQuery 1.11.1 (#26857).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 7 Apr 2018 08:06:29 +0000 (08:06 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 7 Apr 2018 08:06:29 +0000 (08:06 +0000)
Patch by Gregor Schmidt.

git-svn-id: http://svn.redmine.org/redmine/trunk@17272 e93f8b46-1217-0410-a6f0-8f06a7374b81

public/javascripts/application.js

index ac5a6ed55837bd13f5446a8a0caa956a860449a0..c8a7df1fab1adf42a0a125aede88482d67c1c41a 100644 (file)
@@ -1,6 +1,13 @@
 /* Redmine - project management software
    Copyright (C) 2006-2017  Jean-Philippe Lang */
 
+/* Fix for CVE-2015-9251, to be removed with JQuery >= 3.0 */
+$.ajaxPrefilter(function (s) {
+  if (s.crossDomain) {
+    s.contents.script = false;
+  }
+});
+
 function checkAll(id, checked) {
   $('#'+id).find('input[type=checkbox]:enabled').prop('checked', checked);
 }
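Review bot: The comment on the new `$.ajaxPrefilter` block names the CVE but not what the guard does or what it leaves alone, which makes it hard to judge later whether it can be removed safely. I would spell it out, e.g. `/* CVE-2015-9251: without this, jQuery < 3.0 evaluates a cross-domain response served with a script content type when the request sets no dataType. */`. The guard only switches off script content-type detection (`s.contents.script = false`), so a cross-domain request that explicitly asks for `dataType: "script"` would presumably still be executed, and such requests should stay limited to trusted origins. It also takes effect only on pages that load application.js before issuing Ajax calls; a view or plugin that loads jQuery on its own would not be covered.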