Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
[BS2] Fix for XSS issue with data-target attributes in BS2 JS #22844
Summary of Changes
This patch by @SniperSister fixes an publicly known XSS Problem in the BS2 JS reported to the JSST by @C-Lodder. As this issue is publicly known and can also impact 3rd partys the JSST decided to patch it in the public tracker. This also allows an wider group of people to test this patch.
Make sure the following bootstrap js components still work
Try using the data-target and href methods and also try to verify that the mentioned components still work in the Joomla backend.
BS JS Code still works
The current JS Code has an know and publicly documented XSS Problem
Documentation Changes Required
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22844.
This is not a practical request. Extension code is not stored in the JED or in a resource available within the JED, and it is not within the JED's role in relation to core development to audit or test extensions against any core change.