This fairly trivial snippet, once run on jquery.com or any other "jQueryfied" website, gives a good overview of easy-to-find, active XSS sinks.
We should protect against all of these. Further, additional sinks need to be identified (passive, 2nd and nth arguments, function-only argument, wrapped object arguments).