PLEASE FIX: Security vulnerability - code injection

[vykluong]

There are security vulnerabilities, making the code susceptible to code injection and/or XSS, and it begins at: data = xml ? xhr.responseXML : xhr.responseText.

The data stored in variable 'data' is eventually passed to a function that either calls "replaceWith" or "html." Given that the response is something like: <script src="badScript.js"></script>, invoking "html" will execute the script in the browser. If invoking "html" then the response should be HTML encoded or data should be sanitized.

Thanks,
Vy

[kressly]

Hi
Please since you found the security vulnerability , fix it and make a pull request so that me may all benefit from your knowledge

[vykluong]

I have fixed this in my fork, but the change will require jquery 1.8+, so I'm not ready to make a pull request. Will need to update the code again with a function equivalent to jquery.parseHTML or strip <script /> tags

[kressly]

Can you give us your fix here so that we may use Jquery 1.8 or higher with it ?
Thanks

[vykluong]

Sure, I'd be happy to share my changes. Besides having the changes committed to my branch, are you suggesting another way for me to give you my fix?

https://github.com/vykluong/form.git

[vykluong]

Going to close this issue; will request a pull request once I have changes that will work with earlier versions of jquery.

[huntr-helper]

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

[huntr-helper]

‎‍🛠️ A fix has been provided for this issue. Please reference: 418sec#1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.