[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jquery / CVE-2020-7656



Hi Brian,

> Have you considered the possibility of back porting the parseHTML
> function?

I did consider this. However, as I implied last time — and you have
independently discovered! — Javascript development is very weird with
lots of edge-cases, and that is before we consider the inconsistencies
of a higher-level API like jQuery and the underlying DOM APIs etc. etc.

I would therefore very mindful about introducing regressions by this
apparently simple approach.

In any case, I have a few other things on my plate (including fixing
some upstream-introduced regressions in Django) so I would not be able
to look at this before you would. In any case, I only know enough
Javascript to know to avoid it anyway. Sorry I cannot be of more direct
help here, but you have my moral support.


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-


Reply to: