diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 11:53:56 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 11:53:56 -0300 |
| commit | ccefd6031d882c91b81fa535c6410eca03db2252 (patch) | |
| tree | af5553a5ca10be19bc2b9c9516aed48063b03acd | |
| parent | 354a1d3ffce75d1ed0c7405f50b7947251da1c54 (diff) | |
| download | pfsense-ccefd6031d882c91b81fa535c6410eca03db2252.zip pfsense-ccefd6031d882c91b81fa535c6410eca03db2252.tar.gz | |
Import fix for http://bugs.jquery.com/ticket/9521
| -rw-r--r-- | usr/local/www/javascript/jquery.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/javascript/jquery.js b/usr/local/www/javascript/jquery.js index e375a10..859a7b2 100644 --- a/usr/local/www/javascript/jquery.js +++ b/usr/local/www/javascript/jquery.js @@ -37,8 +37,8 @@ var jQuery = function( selector, context ) { rootjQuery, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, // Check if a string has a non-whitespace character in it rnotwhite = /\S/, |
