Merge branch '3.2.x' into ticket/15914

author: GanstaZ <ganstaz@hotmail.com> 2018-12-22 22:26:54 +0200
committer: GanstaZ <ganstaz@hotmail.com> 2018-12-22 22:26:54 +0200
commit: c6f613bae55be0f2aab855d58ca7fbcaa643c626 (patch)
tree: ed1488880d384efc3ddd3192a24239afcd8d9ab6 /phpBB/assets/javascript/core.js
parent: 349ab42fdc994c5fa16436bd2d82df0ef4019f16 (diff)
parent: 70a56c208fa5bcdde9337c871b30aaaf7e5602b8 (diff)
download: forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar
forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.gz
forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.bz2
forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.xz
forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js
index 02d7323dfb..5218a8c1be 100644
--- a/phpBB/assets/javascript/core.js
+++ b/phpBB/assets/javascript/core.js
@@ -20,6 +20,13 @@ var phpbbAlertTimer = null;
 
 phpbb.isTouch = (window && typeof window.ontouchstart !== 'undefined');
 
+// Add ajax pre-filter to prevent cross-domain script execution
+$.ajaxPrefilter(function(s) {
+	if (s.crossDomain) {
+		s.contents.script = false;
+	}
+});
+
 /**
  * Display a loading screen
  *
author	GanstaZ <ganstaz@hotmail.com>	2018-12-22 22:26:54 +0200
committer	GanstaZ <ganstaz@hotmail.com>	2018-12-22 22:26:54 +0200
commit	c6f613bae55be0f2aab855d58ca7fbcaa643c626 (patch)
tree	ed1488880d384efc3ddd3192a24239afcd8d9ab6 /phpBB/assets/javascript/core.js
parent	349ab42fdc994c5fa16436bd2d82df0ef4019f16 (diff)
parent	70a56c208fa5bcdde9337c871b30aaaf7e5602b8 (diff)
download	forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.gz forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.bz2 forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.tar.xz forums-c6f613bae55be0f2aab855d58ca7fbcaa643c626.zip