User tests: Successful: Unsuccessful:
JQuery UI versions prior to 1.13.0 have a potential XSS attack vector that can be used to execute code in the browser context. Joomla core itself does not have such an attack vector, however we can't rule out that 3rd party extensions are vulnerable, why we backport the patch to the JQuery UI version used in 3.x.
4.x is not affected as it does not ship JQuery UI.
No error, patch not being backported.
No error, patch backported.
Doc block in both files has been updated to reflect the change.
Status | New | ⇒ | Pending |
Category | ⇒ | JavaScript |
Labels |
Added:
?
|
Merging here. Thanks David!
Status | Pending | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-03-18 10:49:06 |
Closed_By | ⇒ | zero-24 |
As its just a comment change that is not included into the minified version we done need a change to the min file.