Merged r17272 into 3.3-stable (#26857).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)
diff --git a/public/javascripts/application.js b/public/javascripts/application.js

index b3037027e7b1fde593ef821727ee9ee92af8e128..a1beea17a6cf18702b1098cbecc805d9b6700dd6 100644 (file)
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -1,6 +1,13 @@
  /* Redmine - project management software
     Copyright (C) 2006-2016  Jean-Philippe Lang */
  
+/* Fix for CVE-2015-9251, to be removed with JQuery >= 3.0 */
+$.ajaxPrefilter(function (s) {
+  if (s.crossDomain) {
+    s.contents.script = false;
+  }
+});
+
  function checkAll(id, checked) {
    $('#'+id).find('input[type=checkbox]:enabled').prop('checked', checked);
  }
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 7 Apr 2018 08:08:43 +0000 (08:08 +0000)