This could allow someone to add a 'phishing' link to a website that would be displayed inside a dialog's iframe which would mask the URL.

The most reasonable solution is to by default block all external domains from appearing in a jQuery UI dialog and then include the ability to whitelist selected domains.

Comments

jrockowitz’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.