Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Manipulation: Make jQuery.htmlPrefilter an identity function
- Loading branch information
Showing
18 changed files
with
246 additions
and
257 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
1d61fd9
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi Michał, is there a patch for the old jQuery releases for this fix?
E.g., like this one: https://github.com/DanielRuf/snyk-js-jquery-565129
Especially, for 1.x series as I'm using 1.12.4.
Also, does this address both these CVE's or only the first one in the list?
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Thanks.
1d61fd9
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't comment on commits. There is no patch for 1.x or 2.x, they are no longer supported and in any case this is a pretty big breaking change, likely even more so on the browsers supported by those versions. Patching this would almost surely cause a cascade of failures in code and plugins that you would need to address.