From f9853054119a44379a11256bb75a33348e36c995 Mon Sep 17 00:00:00 2001 From: npt-1707 Date: Mon, 4 May 2026 08:43:20 +0800 Subject: [PATCH] examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js: Ajax: Mitigate possible XSS vulnerability --- examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js b/examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js index 8cc83bb9..15890ec9 100644 --- a/examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js +++ b/examples/login/libs/easymob-webim-sdk/jquery-1.11.1.js @@ -8767,6 +8767,11 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) { // Convert response if prev dataType is non-auto and differs from current } else if ( prev !== "*" && prev !== current ) { + // Mitigate possible XSS vulnerability (gh-2432) + if ( s.crossDomain && current === "script" ) { + continue; + } + // Seek a direct converter conv = converters[ prev + " " + current ] || converters[ "* " + current ];