diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 11:53:56 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 11:54:36 -0300 |
| commit | 3b0bc8c34e2d9d5c5bb11819228c6cfd186444ed (patch) | |
| tree | d9d9ae6e4d95248e2d7ed9b3417c098f7a6b5b49 | |
| parent | 76fa9adb236ba342311190a044f0439aab9425d7 (diff) | |
| download | pfsense-3b0bc8c34e2d9d5c5bb11819228c6cfd186444ed.zip pfsense-3b0bc8c34e2d9d5c5bb11819228c6cfd186444ed.tar.gz | |
Import fix for http://bugs.jquery.com/ticket/9521
| -rw-r--r-- | usr/local/www/javascript/jquery.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/javascript/jquery.js b/usr/local/www/javascript/jquery.js index e375a10..859a7b2 100644 --- a/usr/local/www/javascript/jquery.js +++ b/usr/local/www/javascript/jquery.js @@ -37,8 +37,8 @@ var jQuery = function( selector, context ) { rootjQuery, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, // Check if a string has a non-whitespace character in it rnotwhite = /\S/, |
