Hi, I'm curious:
"jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery"

does that mean the drupal-7 package *could* now use the libjs-jquery package instead of an embedded copy? The libjs-jquery/1.7.2 package seems it was already immune to this issue.

(Proof of concept at http://ma.la/jquery_xss/ - save it locally and you can swap out the jquery.js to test other versions).

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org