mirror/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-06 16:45:13 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1582 from navnitan-7/fix/cve-2015-9251-jquery-ajax

Browse Source 
Potential Vulnerability in Cloned Code
This commit is contained in:
Jokob @NetAlertX
2026-04-02 07:42:51 +11:00
committed by GitHub
parent d17256cff6 8b80a6d59c
commit 4c7ea21bd8
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
front/lib/datatables/datatables.js
View File

@@ -9059,6 +9059,11 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
// Convert response if prev dataType is non-auto and differs from current
} else if ( prev !== "*" && prev !== current ) {
// Mitigate possible XSS vulnerability (gh-2432)
if ( s.crossDomain && current === "script" ) {
continue;
}
// Seek a direct converter
conv = converters[ prev + " " + current ] || converters[ "* " + current ];