Hillel Coren - 1 year ago
jQuery Question

Is jQuery 1.x vulnerable to "non-explicit data type cross-site scripting"?

We recently received the following email from https://nospam_srcclr.com (remove nospam_ for the real URL).

Thank you for your prompt reply. We have identified [our project] as being vulnerable to a cross-site scripting vulnerability through JQuery.


A copy of the JQuery version 1.11.3 is included in the project here. JQuery is vulnerable to cross-site scripting through execution of non-explicit data type. The vulnerable section of code used in [our project] is seen here.

To mitigate this issue, we recommend upgrading JQuery to 3.0.0.

Is jQuery 1.x actually unsafe to use?

Answer Source

If you do not fetch any JavaScript from another untrusted domain by ajax, it is still safe.

If you do, you can manually apply this simple patch to your current jQuery:
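The following is an added example, not the patch the answer refers to and not code from this project: a simplified model of how jQuery 1.x infers a data type when the caller passes no `dataType`, with a prefilter that turns off the `script` inference for cross-domain requests (jQuery 3.0.0 ships the same prefilter). `jQuery.ajaxPrefilter`, `s.crossDomain` and `s.contents.script` are jQuery's own names; the helper functions and the `.example` URLs are constructed for illustration.

```javascript
// Simplified model of jQuery 1.x data-type inference (hypothetical helpers).
// Only guardCrossDomainScripts is intended for use with real jQuery.

// Constructed copy of jQuery's default Content-Type -> dataType patterns.
function defaultContents() {
  return { xml: /xml/, html: /html/, json: /json/, script: /(?:java|ecma)script/ };
}

// Model of the per-request settings object; jQuery computes crossDomain itself.
function buildSettings(url, pageOrigin, dataType) {
  const crossDomain = new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin;
  return { url, dataType, crossDomain, contents: defaultContents() };
}

// Model of the inference step: an explicit dataType wins, otherwise the
// response Content-Type is matched against s.contents. A result of "script"
// means jQuery evaluates the response body.
function inferDataType(s, contentType) {
  if (s.dataType) return s.dataType;
  for (const type of Object.keys(s.contents)) {
    if (s.contents[type] && s.contents[type].test(contentType)) return type;
  }
  return "text";
}

// The mitigation. With real jQuery, register it once before any $.ajax call:
//   jQuery.ajaxPrefilter(guardCrossDomainScripts);
function guardCrossDomainScripts(s) {
  if (s.crossDomain) {
    s.contents.script = false; // never auto-detect "script" across origins
  }
}

// Runs one modelled request, optionally through the guard.
function resolveType(url, pageOrigin, contentType, { dataType, guarded } = {}) {
  const s = buildSettings(url, pageOrigin, dataType);
  if (guarded) guardCrossDomainScripts(s);
  return inferDataType(s, contentType);
}
```

Same-origin requests and calls that explicitly ask for `dataType: "script"` behave as before; only the implicit cross-domain case changes.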

