Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.
Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.
TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi! We recently upgraded jquery-ui to version 1.13.2 for fixing vulnerabilites, but our security scanning tool detected two issues from jquery-ui. It seems like the issues are already existing in the previous version, not introduced by the latest version, so I'm wondering, are they in the process of fixing, or they have been investigated but dismissed please?
The details of these two issues are as followed:
target = typeof options.of === "string" ? $( document ).find( options.of ) : $( options.of ),The detected issue ispotential XSS vulnerability in the '$.fn.position' plugin.return hash ? hash.replace( /[!"$%&'()*+,.\/:;<=>?@\[\]\^`{|}~]/g, "\\$&" ) : "";, the detected issue isIncomplete string escaping or encoding -- This does not escape backslash characters in the input.Thanks!
Beta Was this translation helpful? Give feedback.
All reactions