New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

jQuery Mobile XSS Problem #1789

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
@jnlin

jnlin commented Jun 6, 2011

Demo: http://jquerymobile.com/demos/1.0a4.1/#<img src=/ss onerror={alert('yy');}>

I am not sure if the patch is perfect, but it works for me.

@scottjehl

This comment has been minimized.

Show comment
Hide comment
@scottjehl

scottjehl Jun 9, 2011

Contributor

Thanks! Looks like this is fixed in latest though, so I guess our navigation refactor covered it. Example here: http://jquerymobile.com/test/#<img src=/ss onerror={alert('yy');}>

Let me know if you still see the issue anywhere. Thanks!

Contributor

scottjehl commented Jun 9, 2011

Thanks! Looks like this is fixed in latest though, so I guess our navigation refactor covered it. Example here: http://jquerymobile.com/test/#<img src=/ss onerror={alert('yy');}>

Let me know if you still see the issue anywhere. Thanks!

@scottjehl scottjehl closed this Jun 9, 2011

@jnlin

This comment has been minimized.

Show comment
Hide comment
@jnlin

jnlin Jun 14, 2011

It works, thank you :)

jnlin commented Jun 14, 2011

It works, thank you :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment