Skip to content

fix(twitter-bootstrap3): CVE-2024-6485, CVE-2025-1647#2

Open
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2024-6485-multi
Open

fix(twitter-bootstrap3): CVE-2024-6485, CVE-2025-1647#2
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2024-6485-multi

Conversation

@deepin-ci-robot

Copy link
Copy Markdown
Contributor

Summary

Fix XSS vulnerability in Bootstrap 3 button.js by adding HTML sanitization to the data-loading-text attribute handling.

CVEs Fixed

Details

The vulnerability allows cross-site scripting attacks when malicious JavaScript code is injected into the data-loading-text attribute of buttons. This patch adds a sanitize() function to the Button prototype that escapes HTML special characters before setting the button text.

References

Testing

  • quilt patches apply successfully
  • changelog updated with CVE references
  • patch follows DEP-3 format

Generated-By: glm-5.1
Co-Authored-By: hudeng hudeng@deepin.org

Fix XSS vulnerability in button.js data-loading-text attribute
by adding HTML sanitization to prevent cross-site scripting attacks.

Upstream: entreprise7pro/bootstrap@769c032
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot deepin-ci-robot requested a review from BLumia May 26, 2026 18:15
@deepin-ci-robot

Copy link
Copy Markdown
Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qaqland for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions

Copy link
Copy Markdown

TAG Bot

TAG: 3.4.1+dfsg-3deepin1
EXISTED: no
DISTRIBUTION: unstable

@hudeng-go

Copy link
Copy Markdown

/integrate

@github-actions

Copy link
Copy Markdown

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4083
PrNumber: 4083
PrBranch: auto-integration-26485490192

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants