finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "Prevent possible XSS when using jQuery (#18289)" (#18293)

Browse source 
This reverts commit 661d3d28e9.
This commit is contained in:
wxiaoguang 2022-01-16 19:19:26 +08:00 committed by GitHub
parent 72b3681648
commit 4d0a72a271
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 34 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/content/doc/developers/guidelines-frontend.md
View file

@ -127,8 +127,3 @@ We forbid `dataset` usage, its camel-casing behaviour makes it hard to grep for
### Vue2/Vue3 and JSX
Gitea is using Vue2 now, we plan to upgrade to Vue3. We decided not to introduce JSX to keep the HTML and the JavaScript code separated.
### jQuery's `$(...)`
jQuery's `$` function has a broad functionality depending on the input. Well, this can be seen as nice, it's also a fallpit for possible XSS attacks when the input is user-controlled.
The usage of the function can be correct in certain situations, but it is discourage and recommended to use a more specific function of jQuery(e.g. `$.find`, `$.parseHTML`).