From c51dd4781abfd207a9021515fa2769e2030524bb Mon Sep 17 00:00:00 2001 From: npt-1707 Date: Mon, 4 May 2026 02:49:06 +0800 Subject: [PATCH] app/vendor/jquery-ui/external/jquery/jquery.js: Ajax: Mitigate possible XSS vulnerability --- app/vendor/jquery-ui/external/jquery/jquery.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/vendor/jquery-ui/external/jquery/jquery.js b/app/vendor/jquery-ui/external/jquery/jquery.js index 7fc60fc..8298369 100644 --- a/app/vendor/jquery-ui/external/jquery/jquery.js +++ b/app/vendor/jquery-ui/external/jquery/jquery.js @@ -9293,6 +9293,10 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) { // Convert response if prev dataType is non-auto and differs from current } else if ( prev !== "*" && prev !== current ) { + // Mitigate possible XSS vulnerability (gh-2432) + if ( s.crossDomain && current === "script" ) { + continue; + } // Seek a direct converter conv = converters[ prev + " " + current ] || converters[ "* " + current ];