[wp-trac] [WordPress Trac] #23875: Twenty Thirteen: improve jQuery code: remove deprecated functions, namespace events, and more
WordPress Trac
noreply at wordpress.org
Tue Apr 23 16:23:00 UTC 2013
#23875: Twenty Thirteen: improve jQuery code: remove deprecated functions,
namespace events, and more
-------------------------------------+--------------------
Reporter: obenland | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6
Component: Bundled Theme | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+--------------------
Comment (by lancewillett):
@michaelfields brought to my attention a possible XSS vulnerability at
https://wpcom-themes.trac.automattic.com/browser/twentythirteen/js/functions.js#L102
where we don't check that the hash input is a valid element in the DOM.
See .5 diff for his suggested patch.
This approach is closer to the original code at
http://www.nczonline.net/blog/2013/01/15/fixing-skip-to-content-links/ and
also closes a possible XSS vulnerability in jQuery Migrate, see
https://github.com/jquery/jquery-migrate/issues/36.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23875#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
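
Added example, not part of the ticket comment or of the Twenty Thirteen patch: one way to do the check the comment describes, treating location.hash only as an element id that must already exist in the DOM before anything is focused. The function names and the stub document are hypothetical, and the hash values are constructed.

```javascript
// Added example (not Twenty Thirteen's code). All names are hypothetical.
// The fragment is only ever compared against ids already in the DOM;
// it is never handed to a selector engine or parsed as HTML.
function resolveSkipTarget(hash, doc) {
  if (typeof hash !== 'string' || hash.length < 2 || hash[0] !== '#') {
    return null;
  }
  let id = hash.slice(1);
  try {
    // location.hash may be percent-encoded (e.g. non-ASCII ids).
    id = decodeURIComponent(id);
  } catch (e) {
    return null; // malformed percent-encoding: ignore the fragment
  }
  return doc.getElementById(id) || null;
}

// Move keyboard focus to the target, as a skip-link handler would.
function focusSkipTarget(hash, doc) {
  const el = resolveSkipTarget(hash, doc);
  if (!el) {
    return false; // no such element: do nothing
  }
  // Elements that are not natively focusable need tabindex="-1" first.
  if (!/^(?:a|select|input|button|textarea)$/i.test(el.tagName)) {
    el.tabIndex = -1;
  }
  el.focus();
  return true;
}

// Constructed stand-in for `document`, so the example runs under Node.
function makeStubDocument(entries) {
  const nodes = new Map();
  for (const [id, tagName] of entries) {
    nodes.set(id, {
      id, tagName, tabIndex: 0, focused: false,
      focus() { this.focused = true; },
    });
  }
  return { getElementById: (id) => nodes.get(id) || null };
}

// Assumed browser wiring:
// window.addEventListener('hashchange', function () {
//   focusSkipTarget(location.hash, document);
// });
```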