Fix for CVE-2015-9251 in JQuery 1.11.1 (#26857).

Patch by Gregor Schmidt. git-svn-id: http://svn.redmine.org/redmine/trunk@17272 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2018-04-07 08:06:29 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2018-04-07 08:06:29 +0000
commit: 70d0a7147c4b39998fb2c2cda299443caeb680a5 (patch)
tree: eb6f4a6e6f7a90a6af9270a4d75f523d2f23f20f /public/javascripts
parent: 0e362e84abc8e0529e7ea02db33fbb25093e0868 (diff)
download: redmine-70d0a7147c4b39998fb2c2cda299443caeb680a5.tar.gz
redmine-70d0a7147c4b39998fb2c2cda299443caeb680a5.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index ac5a6ed55..c8a7df1fa 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -1,6 +1,13 @@
 /* Redmine - project management software
    Copyright (C) 2006-2017  Jean-Philippe Lang */
 
+/* Fix for CVE-2015-9251, to be removed with JQuery >= 3.0 */
+$.ajaxPrefilter(function (s) {
+  if (s.crossDomain) {
+    s.contents.script = false;
+  }
+});
+
 function checkAll(id, checked) {
   $('#'+id).find('input[type=checkbox]:enabled').prop('checked', checked);
 }
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2018-04-07 08:06:29 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2018-04-07 08:06:29 +0000
commit	70d0a7147c4b39998fb2c2cda299443caeb680a5 (patch)
tree	eb6f4a6e6f7a90a6af9270a4d75f523d2f23f20f /public/javascripts
parent	0e362e84abc8e0529e7ea02db33fbb25093e0868 (diff)
download	redmine-70d0a7147c4b39998fb2c2cda299443caeb680a5.tar.gz redmine-70d0a7147c4b39998fb2c2cda299443caeb680a5.zip