Closed (fixed)
Project:
jQuery UI filter
Version:
6.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
17 Apr 2012 at 21:36 UTC
Updated:
2 May 2012 at 13:10 UTC
This could allow someone to add a 'phishing' link to a website that would be displayed inside a dialog's iframe which would mask the URL.
The most reasonable solution is to by default block all external domains from appearing in a jQuery UI dialog and then include the ability to whitelist selected domains.
Comments
Comment #1
jrockowitz commentedhttp://drupalcode.org/project/jquery_ui_filter.git/commit/13f7f05