XSS with XHR level2 cross domain request #1990

Closed
mala opened this Issue June 29, 2011 · 0 comments

mala commented June 29, 2011

jQuery Mobile can load another domain's HTML.
All versions of jQuery Mobile have a security risk: it can cause XSS or display fake content.

example:
http://jquerymobile.com/demos/1.0b1/#http://ma.la/tmp/jquerymobiletest.html

Ghislain Seguin gseguin referenced this issue from a commit in gseguin/jquery-mobile June 29, 2011
Ghislain Seguin Fix for #1990: Introducing $.mobile.ajaxCrossDomainEnabled defaults to false
5fe3106
Ghislain Seguin gseguin referenced this issue from a commit in gseguin/jquery-mobile June 30, 2011
Ghislain Seguin More elegant fix for #1990
Re-use $.mobile.allowCrossDomainPages & call deferred.reject to notify caller of failure
2deeee1
Ghislain Seguin gseguin closed this July 07, 2011
Timmy Willison timmywil referenced this issue from a commit June 30, 2011
Ghislain Seguin More elegant fix for #1990
Re-use $.mobile.allowCrossDomainPages & call deferred.reject to notify caller of failure
8c1eca1
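
The check the fix commits describe (refuse a cross-domain page unless `$.mobile.allowCrossDomainPages` is set, and reject so the caller is notified), written out as an added example; it is not jQuery Mobile's own code. `checkPageTarget`, `loadPage` and `fetchPage` are hypothetical names, and the sample URLs are the ones from the report above.

```javascript
// Added example, not jQuery Mobile source. checkPageTarget and loadPage are
// hypothetical names; only allowCrossDomainPages comes from the issue.

// Decide whether a page URL taken from location.hash may be fetched and injected.
function checkPageTarget(hash, documentUrl, allowCrossDomainPages) {
  const raw = hash.replace(/^#/, "");
  if (raw === "") return { allowed: false, reason: "empty" };

  let target;
  try {
    // Resolve as the browser would, so relative, absolute and
    // protocol-relative ("//host/path") forms are all normalised first.
    target = new URL(raw, documentUrl);
  } catch (e) {
    return { allowed: false, reason: "unparsable" };
  }

  // Only http(s) documents are loadable pages; other schemes never are.
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return { allowed: false, reason: "scheme", url: target.href };
  }

  // Origin is scheme + host + port. Compare parsed origins, not string prefixes.
  const crossDomain = target.origin !== new URL(documentUrl).origin;
  if (crossDomain && !allowCrossDomainPages) {
    return { allowed: false, reason: "cross-domain", url: target.href };
  }
  const reason = crossDomain ? "cross-domain-opt-in" : "same-origin";
  return { allowed: true, reason: reason, url: target.href };
}

// Loader wrapper: reject before any request is made, so the caller is notified.
function loadPage(hash, documentUrl, options, fetchPage) {
  const allow = Boolean(options && options.allowCrossDomainPages);
  const verdict = checkPageTarget(hash, documentUrl, allow);
  if (!verdict.allowed) {
    return Promise.reject(new Error("page load blocked (" + verdict.reason + ")"));
  }
  return fetchPage(verdict.url);
}
```

Comparing parsed origins also catches look-alike hosts and scheme changes that a string-prefix test on the hash would let through.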