#8325 [WebUI] Fix htmlPrefilter issue in jQuery
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by stsymbal.


master:

  • bc9f3e0 WebUI: Apply jQuery patch to fix htmlPrefilter issue

ipa-4-8:

  • 0620229 WebUI: Apply jQuery patch to fix htmlPrefilter issue

ipa-4-6:

  • 22e24db WebUI: Apply jQuery patch to fix htmlPrefilter issue

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @abbra:
- Custom field changelog adjusted to CVE-2020-11022: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. FreeIPA is not allowing to pass arbitrary code into affected jQuery path but we applied jQuery fix anyway.

3 years ago

Login to comment on this ticket.

Metadata