From 4d0a72a2710fd3381574485980f056ac644a10d7 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 16 Jan 2022 19:19:26 +0800 Subject: Revert "Prevent possible XSS when using jQuery (#18289)" (#18293) This reverts commit 661d3d28e97bb49bef075c0314edad5879148aaa. --- docs/content/doc/developers/guidelines-frontend.md | 5 ----- 1 file changed, 5 deletions(-) (limited to 'docs/content') diff --git a/docs/content/doc/developers/guidelines-frontend.md b/docs/content/doc/developers/guidelines-frontend.md index cbd2ca8a24..9fec5bd17e 100644 --- a/docs/content/doc/developers/guidelines-frontend.md +++ b/docs/content/doc/developers/guidelines-frontend.md @@ -127,8 +127,3 @@ We forbid `dataset` usage, its camel-casing behaviour makes it hard to grep for ### Vue2/Vue3 and JSX Gitea is using Vue2 now, we plan to upgrade to Vue3. We decided not to introduce JSX to keep the HTML and the JavaScript code separated. - -### jQuery's `$(...)` - -jQuery's `$` function has a broad functionality depending on the input. Well, this can be seen as nice, it's also a fallpit for possible XSS attacks when the input is user-controlled. -The usage of the function can be correct in certain situations, but it is discourage and recommended to use a more specific function of jQuery(e.g. `$.find`, `$.parseHTML`). -- cgit v1.2.3