Security hardening for jQuery form. #6417

Closed
jenlampton opened this issue Mar 8, 2024 · 1 comment

jenlampton commented Mar 8, 2024

There is an open issue for jQuery Form that indicates that it may contain a theoretical Cross-site Scripting (XSS) vulnerability: jquery-form/form#586

We do not believe that Backdrop is exploitable, but we could include a security hardening that would protect Backdrop against any potential threat.

quicksketch commented Mar 8, 2024

There was a Backdrop Security PR for this issue that I pulled from for this fix. So there's no PR but the commit IDs are backdrop/backdrop@5c83061 (1.x) and backdrop/backdrop@5c83061 (1.27.x).

@jenlampton jenlampton added this to the 1.27.1 milestone Mar 8, 2024
backdrop-ci referenced this issue in backdrop/backdrop Mar 8, 2024
By @jenlampton, @klonos, @olafgrabienski, and @quicksketch.

With code by Drupal.org users effulgentsia and pandaski.
backdrop-ci referenced this issue in backdrop/backdrop Mar 8, 2024
By @jenlampton, @klonos, @olafgrabienski, and @quicksketch.

With code by Drupal.org users effulgentsia and pandaski.
@jenlampton jenlampton changed the title Security hardening for jQuery form Security hardening for jQuery form. Mar 8, 2024