Inicio Explorar Ayuda
Registro Iniciar sesión
chengwenliang
/
newsupernova
2
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 0af37202f9
Ramas Etiquetas
newsupernova
/
lib
/
web
/
jquery
/
patches
/
jquery.js

jquery.js 820 B
Histórico Raw

123456789101112131415161718192021222324252627282930313233 
  1. /**
    2. 

  2.  * Copyright © Magento, Inc. All rights reserved.
    3. 

  3.  * See COPYING.txt for license details.
    4. 

  4.  */
    5. 

  5. 

  6. define([], function () {
    7. 

  7.     'use strict';
    8. 

  8. 

  9.     /**
    10. 

  10.      * Patch for CVE-2015-9251 (XSS vulnerability).
    11. 

  11.      * Can safely remove only when jQuery UI is upgraded to >= 3.3.x.
    12. 

  12.      * https://www.cvedetails.com/cve/CVE-2015-9251/
    13. 

  13.      */
    14. 

  14.     function ajaxResponsePatch(jQuery) {
    15. 

  15.         jQuery.ajaxPrefilter(function (s) {
    16. 

  16.             if (s.crossDomain) {
    17. 

  17.                 s.contents.script = false;
    18. 

  18.             }
    19. 

  19.         });
    20. 

  20.     }
    21. 

  21. 

  22.     return function ($) {
    23. 

  23.         var majorVersion = $.fn.jquery.split('.')[0];
    24. 

  24. 

  25.         if (majorVersion >= 3) {
    26. 

  26.             console.warn('jQuery patch for CVE-2015-9251 is no longer necessary, and should be removed');
    27. 

  27.         }
    28. 

  28. 

  29.         ajaxResponsePatch($);
    30. 

  30. 

  31.         return $;
    32. 

  32.     };
    33. 

  33. });
    34.