Merged r17272 into 3.4-stable (#26857).

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17273 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index b6352fd2aa07bb9b68b48209373bcae4dd9681e1..4e1b40ab82b1bf5cb14f656c938f444fa9f7a9d0 100644 (file)
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -1,6 +1,13 @@
 /* Redmine - project management software
    Copyright (C) 2006-2017  Jean-Philippe Lang */
 
+/* Fix for CVE-2015-9251, to be removed with JQuery >= 3.0 */
+$.ajaxPrefilter(function (s) {
+  if (s.crossDomain) {
+    s.contents.script = false;
+  }
+});
+
 function checkAll(id, checked) {
   $('#'+id).find('input[type=checkbox]:enabled').prop('checked', checked);
 }