Patch jQuery for CVE-2020-11022 and CVE-2020-11023
seamuslee001 authored and yashodha committed Aug 20, 2020
1 parent d5bbf90 commit 6978078
Showing 1 changed file with 5 additions and 0 deletions.
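--- a/js/Common.js
+++ b/js/Common.js
@@ -1624,4 +1624,9 @@ if (!CRM.vars) CRM.vars = {};
 }
 });
 
+// CVE-2020-11022 and CVE-2020-11023 Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.
+$.htmlPrefilter = function(html) {
+return html;
+};
+
 })(jQuery, _);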
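Review bot: The comment above `$.htmlPrefilter` quotes the advisory but does not say what the override does, and it may overstate what the override covers. An identity prefilter stops jQuery from rewriting self-closing tags such as `<div/>`, which is the behaviour behind CVE-2020-11022; as far as I know CVE-2020-11023 (the `<option>` wrapping case) was fixed in jQuery 3.5.0 by a separate change, so please confirm this override alone mitigates it for the bundled version. The hook only exists from jQuery 1.12/2.2 onward, and any caller that relies on `<div/>` being expanded will now get different DOM, so a regression check on such markup would be worthwhile. I would reword the comment along the lines of `// Identity htmlPrefilter: disables jQuery's self-closing-tag rewrite (CVE-2020-11022); drop once bundled jQuery is >= 3.5.0.` The enclosing IIFE starts outside the hunk, so the jQuery version in use is not visible here.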
