Open anthaeus opened 7 years ago
Can you highlight where in the code this is? I can't seem to find it. Curious as my product team is assessing the risks of using this script.
I'd like to but I don't remember which assessment on my side it was. Damn..
2018-02-13 7:24 GMT+01:00 Cyassin notifications@github.com:
Can you highlight where in the code this is? I can't seem to find it. Curious as my product team is assessing the risks of using this script.
View it on GitHub: https://github.com/aFarkas/html5shiv/issues/212#issuecomment-365163276
--
/ Regards /
The application version 3.7.2 may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $() via the following statements:
e=window.location.hash; b._isTabHash(e)&&(e=b._getFromNiceHash(e),$('.tab-menu a[href\x3d"'+e+'"]').tab("show"));
The exploitability of this issue might depend on the specific version of jQuery that is being used.
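A hardened way to handle the hash before it reaches $(), as an added example that is not part of the original issue or the project's code: validate the fragment against an allowlist, or avoid building a selector from it at all. The function names, the allowlist pattern and the sample data are assumptions, and the check is meant for the final value that would be concatenated into the selector.

```javascript
'use strict';

// Allowlist for tab fragments: "#" plus a conservative identifier.
// The pattern is an assumption; tighten it to the tab ids the page really uses.
const TAB_HASH = /^#[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Return a selector that is safe to hand to $(), or null when the hash
// contains anything outside the allowlist (quotes, brackets, "<", spaces...).
function tabSelectorFromHash(hash) {
  if (typeof hash !== 'string' || !TAB_HASH.test(hash)) return null;
  return '.tab-menu a[href="' + hash + '"]';
}

// Stricter variant: never build a selector from the hash at all. Select the
// known links first, then compare the attribute value as plain data.
// Browser equivalent: $('.tab-menu a').filter(function () {
//   return this.getAttribute('href') === hash; }).tab('show');
function findTabLink(links, hash) {
  if (typeof hash !== 'string') return null;
  return links.find((link) => link.href === hash) || null;
}

// Constructed sample data: stand-ins for the anchors inside .tab-menu.
const sampleLinks = [{ href: '#overview' }, { href: '#downloads' }];

// Constructed sample hashes: one legitimate, three that must be rejected.
const sampleHashes = ['#downloads', '#x"],body,[y="', '#<b>x</b>', ''];

// Run both checks over a list of hashes and collect the outcome per hash.
function classify(hashes) {
  return hashes.map((h) => ({
    hash: h,
    selector: tabSelectorFromHash(h),
    link: findTabLink(sampleLinks, h),
  }));
}

for (const row of classify(sampleHashes)) {
  console.log(JSON.stringify(row));
}
```

Either check removes the dependence on how a given jQuery version decides whether a string passed to $() is a selector or HTML.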