XSS with XHR level2 cross domain request #1990

Closed
mala opened this Issue Jun 29, 2011 · 0 comments

@mala
mala commented Jun 29, 2011

jQuery Mobile can load another domain's HTML.
All versions of jQuery Mobile have a security risk: it can XSS or display fake content.

example:
http://jquerymobile.com/demos/1.0b1/#http://ma.la/tmp/jquerymobiletest.html

@gseguin gseguin added a commit to gseguin/jquery-mobile that referenced this issue Jun 30, 2011
@gseguin gseguin Fix for #1990: Introducing $.mobile.ajaxCrossDomainEnabled defaults to false
5fe3106
@gseguin gseguin was assigned Jun 30, 2011
@gseguin gseguin added a commit to gseguin/jquery-mobile that referenced this issue Jun 30, 2011
@gseguin gseguin More elegant fix for #1990
Re-use $.mobile.allowCrossDomainPages & call deferred.reject to notify caller of failure
2deeee1
@gseguin gseguin closed this Jul 7, 2011
@timmywil timmywil pushed a commit that referenced this issue Oct 24, 2011
@gseguin gseguin More elegant fix for #1990
Re-use $.mobile.allowCrossDomainPages & call deferred.reject to notify caller of failure
8c1eca1
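
An added example, not code from jQuery Mobile or from the commits referenced above: a same-origin check on the URL taken from the location hash that rejects the load before any request is sent, in the spirit of the `$.mobile.allowCrossDomainPages` flag and the `deferred.reject` call named in the commit messages. The names `resolveHashTarget`, `loadPage` and `fetchFn` are assumptions for illustration.

```javascript
// Added example. resolveHashTarget, loadPage and fetchFn are hypothetical
// names, not jQuery Mobile APIs; only allowCrossDomainPages is from the page.

// Decide whether the page named in the location hash may be loaded via Ajax.
function resolveHashTarget(documentUrl, { allowCrossDomainPages = false } = {}) {
  const doc = new URL(documentUrl);
  const raw = doc.hash.replace(/^#/, "");
  if (raw === "") return { ok: false, reason: "empty-hash" };

  let target;
  try {
    // A real URL parser handles absolute, relative and protocol-relative
    // ("//host/path") forms; string prefix checks miss the last one.
    target = new URL(raw, doc.origin + doc.pathname);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  // Only http(s) documents are loadable pages (rejects javascript:, data:, ...).
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return { ok: false, reason: "bad-scheme" };
  }
  // Origin = scheme + host + port. A CORS-enabled foreign server would
  // otherwise have its markup injected into this page's DOM.
  if (target.origin !== doc.origin && !allowCrossDomainPages) {
    return { ok: false, reason: "cross-origin" };
  }
  return { ok: true, url: target.href };
}

// Reject before any request is sent, so the caller is notified of the failure.
function loadPage(documentUrl, fetchFn, options) {
  const result = resolveHashTarget(documentUrl, options);
  if (!result.ok) {
    return Promise.reject(new Error("page load blocked: " + result.reason));
  }
  return fetchFn(result.url);
}

// Sample inputs: the first is the URL from the report, the rest are constructed.
const base = "http://jquerymobile.com/demos/1.0b1/";
for (const hash of ["http://ma.la/tmp/jquerymobiletest.html",
                    "//ma.la/tmp/x.html", "docs/pages/index.html"]) {
  console.log(hash, "->", JSON.stringify(resolveHashTarget(base + "#" + hash)));
}
```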