Fixes #17516 - Update jquery to 2.2.4 to fix XSS #4065
Conversation
|
@dLobatog, thanks for your PR! By analyzing the history of the files in this pull request, we identified @tbrisker, @gailsteiger and @domcleal to be potential reviewers. |
|
There were the following issues with the commit message:
If you don't have a ticket number, please create an issue in Redmine. More guidelines are available in Coding Standards or on the Foreman wiki. This message was auto-generated by Foreman's prprocessor |
| @@ -44,7 +44,7 @@ | |||
| "events": "^1.1.1", | |||
| "flux": "^2.1.1", | |||
| "ipaddr.js": "~1.2.0", | |||
| "jquery": "~1.11.0", | |||
| "jquery": "~1.12.0", | |||
There was a problem hiding this comment.
There's no 1.13, 1.12 is the one that contains the fix - it was a typo
|
Repushed with the right commit title (it said 1.13 instead of 1.12) |
dLobatog
changed the title
|
Rebased! |
|
tests are failing. Looks like this upgrade broke something. |
|
@dLobatog application.js line 66 should be changed to $('a[href="#'+this.id+'"]').addClass("tab-error");to fix the failing test. Care to upgrade jQuery to 2.x while you are at it? It is compatible with 1.x except it dropped IE<9 support. I am looking into upgrading to 3.x which does introduce some breaking changes. |
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
|
Updated , including jquery 2.1 and the application.js fix, thanks @tbrisker |
| @@ -39,6 +39,6 @@ describe('initInheritedRoles', () => { | |||
| $('.dropdown-menu li a').last().click(); | |||
| expect($('.btn').text()).toContain('First'); | |||
| expect($('.list-group li[data-id="1"]').is(':visible')).toBeTruthy(); | |||
| expect($('.list-group li[data-id="2"]').is(':visible')).toBeFalsy(); | |||
| expect($('.list-group li[data-id="2"]').css('display')).toEqual('none'); | |||
There was a problem hiding this comment.
Seems like :visible meaning changed on 2.1, so I made it more specific
| @@ -44,7 +44,7 @@ | |||
| "events": "^1.1.1", | |||
| "flux": "^2.1.1", | |||
| "ipaddr.js": "~1.2.0", | |||
| "jquery": "~1.11.0", | |||
| "jquery": "~2.1.0", | |||
There was a problem hiding this comment.
Latest version is 2.2.4, any reason not to use that?
Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed. jquery/jquery#2432 for more information
dLobatog
force-pushed
the
17516
branch
2 times, most recently
from
50b649d
to
2439b05
Compare
dLobatog
changed the title
|
@tbrisker I think I saw some breakages on tests with 2.2.4 but it seems fine now. Updated to 2.2.4 |
|
Works just fine, thanks @dLobatog! |
Affected versions of the package (< 1.12) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.
jquery/jquery#2432 for more information