SOLVED

Addressing the vulnerability in the jQuery .append() and .text() functions


Hello,

When scanning one of our JavaScript libraries, we find the flaw is reported in the code below as System leak by the static code analyzer:

$("#id").append(jsonObject.id); // System leak

$("#id").text(jsonObject.id); // System leak

On analysis, we find that the above code is reported as a flaw due to the use of the .append and .text functions in jQuery, stating that the above is System leak.

 


Please suggest the suitable fix to address this issue.

 

Regards,

Srinivas

 

1 Accepted Solution

Correct answer by
Community Advisor

If there have been security updates or patches released for jQuery since then, you should follow these general steps to address vulnerabilities:

  1. Update jQuery:

    • Ensure that you are using the latest version of jQuery. You can check the official jQuery website or your package manager for the latest version.
    • If you are using a legacy AEM clientlib, for example cq.jquery, then in this case, create a new clientlib with the latest version of jQuery.
    • If you are using a package manager like npm or yarn, you can update jQuery using the respective commands:

      npm install jquery@latest

      yarn add jquery@latest
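
An added example, not part of the original posts: one way to constrain `jsonObject.id` before it reaches the two flagged calls, given that jQuery's `.text()` inserts its argument as a text node while `.append()` parses a string argument as HTML. The function names, `ID_PATTERN` and the allow-list itself are assumptions, and the page does not say which rule the analyzer applied, so this may not by itself clear the finding.

```javascript
// Added example: validateId, escapeHtml, renderId, appendId and ID_PATTERN are
// hypothetical names. The allow-list is an assumed shape for a valid id.
const ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Return the id as a string when it is a safe integer or matches the
// allow-list; return null for anything else (objects, markup, empty values).
function validateId(value) {
  if (typeof value === "number" && Number.isSafeInteger(value)) return String(value);
  if (typeof value === "string" && ID_PATTERN.test(value)) return value;
  return null;
}

// Escape the HTML-significant characters for values that must be passed to an
// HTML-parsing call such as .append(string).
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Replacement for $("#id").text(jsonObject.id): write only a validated id,
// and clear the element when validation fails.
function renderId($target, jsonObject) {
  const id = validateId(jsonObject ? jsonObject.id : undefined);
  $target.text(id === null ? "" : id);
  return id !== null;
}

// Replacement for $("#id").append(jsonObject.id): append nothing when
// validation fails. Escaping is kept as a second layer because .append()
// parses string arguments as HTML.
function appendId($target, jsonObject) {
  const id = validateId(jsonObject ? jsonObject.id : undefined);
  if (id === null) return false;
  $target.append(escapeHtml(id));
  return true;
}
```

In page code the calls become `renderId($("#id"), jsonObject)` and `appendId($("#id"), jsonObject)`.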
