XSS with XHR level2 cross domain request #1990

Closed
mala opened this Issue Jun 29, 2011 · 0 comments

mala commented Jun 29, 2011

jQuery Mobile can load another domain's HTML.
All versions of jQuery Mobile have a security risk: it allows XSS or displaying fake content.

example:
http://jquerymobile.com/demos/1.0b1/#http://ma.la/tmp/jquerymobiletest.html

gseguin added a commit to gseguin/jquery-mobile that referenced this issue Jun 30, 2011

@ghost ghost assigned gseguin Jun 30, 2011

gseguin added a commit to gseguin/jquery-mobile that referenced this issue Jun 30, 2011

More elegant fix for #1990
Re-use $.mobile.allowCrossDomainPages & call deferred.reject to notify caller of failure

gseguin added a commit that referenced this issue Jul 6, 2011

@gseguin gseguin closed this Jul 7, 2011
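
The guard the fix describes (refuse a cross-domain page load unless `$.mobile.allowCrossDomainPages` is set, and reject so the caller is notified), written as an added example that is not part of this thread or jQuery Mobile's own code. `resolveHashTarget`, `isLoadAllowed`, `loadPage` and `fetchPage` are hypothetical names, and a Promise stands in for the jQuery Deferred.

```javascript
// Added illustration, not jQuery Mobile's code.
// DOC_URL is the demo page named in the report above.
const DOC_URL = "http://jquerymobile.com/demos/1.0b1/";

// Resolve a location.hash value the way a hash-driven page loader would and
// report whether the result stays on the document's own origin.
function resolveHashTarget(hash, docUrl = DOC_URL) {
  const raw = String(hash).replace(/^#/, "");
  let target;
  try {
    // The URL parser normalises relative paths, "//host" and "\\host" forms,
    // and userinfo tricks such as "http://trusted@other/".
    target = new URL(raw, docUrl);
  } catch (e) {
    return { url: null, sameOrigin: false };
  }
  // Only http(s) pages are loadable; data:, javascript: etc. are refused outright.
  if (!/^https?:$/.test(target.protocol)) {
    return { url: null, sameOrigin: false };
  }
  return { url: target.href, sameOrigin: target.origin === new URL(docUrl).origin };
}

// Decision only: may the page behind this hash be fetched and injected into the DOM?
function isLoadAllowed(hash, allowCrossDomainPages = false, docUrl = DOC_URL) {
  const { url, sameOrigin } = resolveHashTarget(hash, docUrl);
  return url !== null && (sameOrigin || allowCrossDomainPages === true);
}

// Loader wrapper: reject before any request is made, so the caller's failure
// handler runs. fetchPage is a hypothetical function(url) returning a Promise
// of markup.
function loadPage(hash, fetchPage, options = {}) {
  if (!isLoadAllowed(hash, options.allowCrossDomainPages, options.docUrl)) {
    return Promise.reject(new Error("blocked cross-domain page load: " + hash));
  }
  return fetchPage(resolveHashTarget(hash, options.docUrl).url);
}
```

Comparing parsed origins rather than matching the raw string for `http://` is what catches the protocol-relative and backslash forms.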
