Work around jQuery bug that allows for XSS

Fixes FOO-2219
Refs SEC-4279
Refs FOO-87
flag = none

Addresses security issue.

Test plan:
* Security is satisfied

Change-Id: I434ebf65ef51e5a0e462d241dbb1695d231ef9d1
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/270169
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
Charley Kline 2021-07-27 02:34:01 -05:00 committed by Simon Williams
parent 7ef4f29bb2
commit a3d9d87a97
1 changed files with 1 additions and 1 deletions

@ -21,7 +21,7 @@ import I18n from 'i18n!broken_images'
export function attachErrorHandler(imgElement) {
$(imgElement).on('error', e => {
if (e.currentTarget.src) {
$.get(e.currentTarget.src).fail(response => {
$.get(e.currentTarget.src, undefined, undefined, 'text').fail(response => {
if (response.status === 403) {
// Replace the image with a lock image
$(e.currentTarget).attr({
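
Review bot: the added `$.get(e.currentTarget.src, undefined, undefined, 'text')` call reaches the dataType argument through two positional `undefined` placeholders and has no comment saying why 'text' is forced, so a later cleanup could drop the argument and restore jQuery's content-type guessing, under which a response served as JavaScript is evaluated. Suggest the options form, `$.ajax({url: e.currentTarget.src, dataType: 'text'})`, with a one-line comment that the response body must never be interpreted; the visible `.fail` handler needs nothing beyond `response.status`. A spec asserting that the request is issued with dataType 'text' would also make the fix regression-testable.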