Merge pull request #1 from phpbb/3.2.x

3.2.x
author: 3Di <three3di@hotmail.it> 2018-12-24 09:42:16 +0100
committer: GitHub <noreply@github.com> 2018-12-24 09:42:16 +0100
commit: 871875d9aa3d0b0a17a0eb1936323d5737a438f5 (patch)
tree: d035cb1e7c7d99fedd70976c47cf9d7d8a04c7ac /phpBB/assets/javascript/core.js
parent: db7f4d4c9523e5dc36c62ec6fe647aaf7708daaa (diff)
parent: ca98cd413a6f01eb01e3ca60cea9b55409dadc61 (diff)
download: forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar
forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.gz
forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.bz2
forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.xz
forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js
index 02d7323dfb..5218a8c1be 100644
--- a/phpBB/assets/javascript/core.js
+++ b/phpBB/assets/javascript/core.js
@@ -20,6 +20,13 @@ var phpbbAlertTimer = null;
 
 phpbb.isTouch = (window && typeof window.ontouchstart !== 'undefined');
 
+// Add ajax pre-filter to prevent cross-domain script execution
+$.ajaxPrefilter(function(s) {
+	if (s.crossDomain) {
+		s.contents.script = false;
+	}
+});
+
 /**
  * Display a loading screen
  *
author	3Di <three3di@hotmail.it>	2018-12-24 09:42:16 +0100
committer	GitHub <noreply@github.com>	2018-12-24 09:42:16 +0100
commit	871875d9aa3d0b0a17a0eb1936323d5737a438f5 (patch)
tree	d035cb1e7c7d99fedd70976c47cf9d7d8a04c7ac /phpBB/assets/javascript/core.js
parent	db7f4d4c9523e5dc36c62ec6fe647aaf7708daaa (diff)
parent	ca98cd413a6f01eb01e3ca60cea9b55409dadc61 (diff)
download	forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.gz forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.bz2 forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.tar.xz forums-871875d9aa3d0b0a17a0eb1936323d5737a438f5.zip