[Pkg-javascript-devel] Bug#698334: drupal7: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities
Steven Chamberlain
steven at pyro.eu.org
Sun Jan 20 17:04:28 UTC 2013
Hi,
I'm curious:
"jQuery versions 1.6.3 and higher provide protection against common
forms of this problem; thus, the vulnerability is mitigated if your site
has upgraded to a recent version of jQuery"
does that mean the drupal-7 package *could* now use the libjs-jquery
package instead of an embedded copy?
The libjs-jquery/1.7.2 package seems to have already been immune to this
issue. (Proof of concept at http://ma.la/jquery_xss/ - save it locally
and you can swap out the jquery.js to test other versions).
Regards,
--
Steven Chamberlain
steven at pyro.eu.org