globeone closed 2 years ago
I don't see any eval occurrences in this repository. Could you be more specific in what you're asking for?
I'm going to close but we can reopen if you provide more information.
@mgol Apologies for this ticket. It turns out to be a Kendo custom forked version of jquery-mousewheel. They added this vulnerability to their forked version but kept the original jquery-mousewheel version and copyright line.
There are 6 JavaScript eval() functions in use that are dangerous, especially when the JavaScript is loaded in memory.
Eval allows strings to be run as executables and is dangerous to use. Please see the following Mozilla Dev article with tips on how to rewrite these functions securely.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
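The mismatch in this thread (no eval in the upstream repository, six reported in a vendored fork carrying the same header) can be checked by scanning each copy of the file for eval call sites. The following is an added example, not part of the original thread or of either project's code; `findEvalCalls` and the two sample sources are hypothetical and constructed for illustration.

```javascript
// Added example: report line numbers of eval() call sites in JavaScript source.
// Comments and string/template literals are skipped so that mentions of eval
// in text are not counted. Assumption: regex literals and ${...} expressions
// inside templates are not parsed, so treat hits as leads for manual review.
function findEvalCalls(source) {
  const hits = [];
  let line = 1, i = 0;
  while (i < source.length) {
    const ch = source[i], next = source[i + 1];
    if (ch === "\n") { line++; i++; continue; }
    if (ch === "/" && next === "/") {              // line comment
      while (i < source.length && source[i] !== "\n") i++;
      continue;
    }
    if (ch === "/" && next === "*") {              // block comment
      for (i += 2; i < source.length && !(source[i] === "*" && source[i + 1] === "/"); i++) {
        if (source[i] === "\n") line++;
      }
      i += 2;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === "`") {  // string or template literal
      for (i++; i < source.length && source[i] !== ch; i++) {
        if (source[i] === "\\") i++;               // step over the escaped character
        if (source[i] === "\n") line++;
      }
      i++;
      continue;
    }
    // Match eval( or eval ( that is not the tail of a longer identifier.
    // window.eval( is counted on purpose: it is still an eval call.
    const m = ch === "e" && /^eval\s*\(/.exec(source.slice(i, i + 16));
    if (m && !/[\w$]/.test(source[i - 1] || "")) {
      hits.push(line);
      i += m[0].length;
      continue;
    }
    i++;
  }
  return hits;
}

// Constructed sample inputs: an "upstream" file without eval and a "fork" with two calls.
const upstreamCopy = [
  "/* constructed sample: a comment mentioning eval() */",
  "var note = 'eval(x) inside a string';",
  "function medieval(x) { return x; }",
  "medieval(1);",
].join("\n");
const forkedCopy = upstreamCopy + "\n" + [
  "var fn = eval('(' + handlerText + ')');",
  "window.eval (settings);",
].join("\n");
```

Running `findEvalCalls` on both the upstream file and the vendored copy shows whether the eval calls came from upstream or were introduced by the fork, regardless of what the file header claims.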