From 8a4bce8abcb78768bd518a54d56b4e685aaf04e3 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Mon, 4 May 2026 02:55:05 +0800
Subject: [PATCH] js/tests/vendor/js/jquery-1.10.2.js: Ajax: Mitigate possible XSS vulnerability
---
 js/tests/vendor/js/jquery-1.10.2.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/js/tests/vendor/js/jquery-1.10.2.js b/js/tests/vendor/js/jquery-1.10.2.js
index d6f6ac8..ce234a2 100644
--- a/js/tests/vendor/js/jquery-1.10.2.js
+++ b/js/tests/vendor/js/jquery-1.10.2.js
@@ -8388,6 +8388,10 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
 // Convert response if prev dataType is non-auto and differs from current
 } else if ( prev !== "*" && prev !== current ) {
+ // Mitigate possible XSS vulnerability (gh-2432)
+ if ( s.crossDomain && current === "script" ) {
+ continue;
+ }
 // Seek a direct converter
 conv = converters[ prev + " " + current ] || converters[ "* " + current ];