Removed doc references to an outdated and now malicious site (BDSA-2021-3651)
1.7.3
Notes
This release originates from an open-source jQuery repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful building.
Bug Fixes
Strict HTML recognition (#11290: must start with <)
This fixes a Moderate Severity Cross-Site Scripting vulnerability (CVE-2012-6708)
Prevent auto-execution of scripts when no explicit dataType was provided
This fixes a Moderate Severity Cross-Site Scripting (XSS) vulnerability (CVE-2015-9251)
Prevent Object.prototype pollution
This fixes a Moderate Severity XSS in jQuery as used in Drupal, Backdrop CMS, and other products vulnerability (CVE-2019-11358)
Remove instances where HTML (from untrusted sources) is passed into a manipulation method
This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11022)
Wrap <option> element to prevent executing untrusted code
This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11023)
Remove whitespace from <script> elements to prevent execution of arbitrary JavaScript
This fixes a Moderate Severity Cross-Site Scripting vulnerability (CVE-2020-7656)