
JQuery: old version


lcolombo


Hi,

We hired a penetration test on a system based on uniGUI and they recommended that we update the jQuery libraries:

The following libraries are out of date:
/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014 

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015 


/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015 

is it possible to update these libraries?

 

Regards


  • 1 year later...
On 12/11/2020 at 4:44 PM, Hayri ASLAN said:

Hi,

You can set ServerModule -> Options -> soDontLoadJQueryLib := True and add the latest jQuery file with CustomFiles.

Hello,

Is it possible to add a new version of these libraries via URL (for example: https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js) in CustomFiles, or do I need to add it to another list (which one)?


15 minutes ago, Sherzod said:

Hello,

Yes.

Okay, how?

I add it to my CustomFiles via TUniServerModule.UniGUIServerModuleCreate(Sender: TObject);

but after loading the address http://myserver:port/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js

the browser shows version 3 (older version)


@Sherzod, does it matter if I use local files and URLs in this CustomFile?

If I have in my list:

"

\mydir\customfile1.js

https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js

\mydir\othercustomfile.js

\mydir\customfile3.js

https://www.gstatic.com/firebasejs/7.21.1/firebase-firestore.js

"

Is it possible for the files to load incorrectly (if some file or URL in the list does not exist), or does it not matter?

 


12 minutes ago, irigsoft said:

but after loading the address http://myserver:port/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js

browser shows version 3 (older version)

Take a good look, the browser will show the new version as well.

22 minutes ago, irigsoft said:

jquery.inputmask.min.js

Sorry, I didn't pay attention.
jquery.inputmask.min.js and jquery-xx.min.js are different libraries, although the first file depends on the second.
jquery.inputmask.min.js - we can't unload this file at the moment because some components depend on it.


On 12/9/2020 at 9:18 PM, lcolombo said:

Hi,

We hired a penetration test on a system based on uniGUI and they recommended that we update the jQuery libraries:

The following libraries are out of date:
/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014 

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015 


/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015 

is it possible to update these libraries?

 

Regards

And what is the solution to this vulnerability?


8 minutes ago, Sherzod said:

Some components are adapted to the version that comes with UniGUI.
How do you want to use the new version? For what?

In this topic, security experts have recommended replacing the files.
While currently working on the security of my server, I saw that some were trying to access these system files (maybe looking for some vulnerability in them).

I tried to update them and I understand that this is not possible (it is understandable on your part), and I am looking for a solution.


  • 3 weeks later...

 

This Chrome option does an analysis of the site, and one of the points that caught my attention also referred to the jQuery libraries, which are outdated and have critical vulnerabilities. It would be great if uniGUI already came with the latest libraries.

 


  • 5 months later...
2 minutes ago, Sherzod said:

Hello @irigsoft

Please clarify what exactly is the issue?

But keep in mind, uniEdit.pas uses two js libraries that are linked to the current version of jquery that UniGUI uses.
 

jquery.inputmask.min.js

autoNumeric-1.9.35.js

 

What is the solution to this:

"Hi,

We hired a penetration test on a system based on uniGUI and they recommended that we update the jQuery libraries:

The following libraries are out of date:
/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014 

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015 


/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015 

is it possible to update these libraries?"


1 minute ago, irigsoft said:

The following libraries are out of date:
/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014 

This issue you can fix.

Above, it was indicated how to disable the built-in jquery library in UniGUI.

And you can include the latest version of the library, in many ways you know.

5 minutes ago, irigsoft said:

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015 


/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015 

This is only by correcting the UniEdit module. You can send a request to the support portal.


On 7/15/2022 at 4:40 PM, Sherzod said:

This is only by correcting the UniEdit module. You can send a request to the support portal.

Hello, is it possible to change the library via this code?

This code goes in MainForm.Script:

Ext.onReady(function() {
    Ext.Loader.loadScript('files/html2canvas.min.js'); // please correct your path
});
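
Added example, not part of the original thread and not uniGUI code: a re-test helper that classifies the script URLs a page serves against the versions the pentest report above listed. The function names and the last URL in the test data are constructed for illustration; the comparison ignores pre-release suffixes.

```javascript
'use strict';
// Versions the pentest report in this thread listed as out of date.
const REPORTED = new Map([
  ['jquery', '1.11.2'],
  ['jquery.inputmask', '3.1.63-22'],
  ['autonumeric', '1.9.35'],
]);

// Numeric core of a version string: '3.1.63-22' -> [3, 1, 63].
const core = (v) => v.split('-')[0].split('.').map(Number);

// Sort-style comparison; suffixes such as '-beta.1' are ignored.
function compareVersions(a, b) {
  const x = core(a), y = core(b);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Returns {name, version}; version is null when the URL does not carry one.
function parseScript(url) {
  const segs = url.replace(/^\w+:\/\/[^/]+/, '').split(/[?#]/)[0].split('/');
  const file = segs[segs.length - 1];
  const inFile = /^(.+?)-(\d+(?:\.\d+)+)(?:\.min)?\.js$/i.exec(file);
  if (inFile) return { name: inFile[1].toLowerCase(), version: inFile[2] };
  // CDN layout: .../<library>/<version>/<file>
  const i = segs.findIndex((s) => /^\d+(\.\d+)+(-[\w.]+)?$/.test(s));
  if (i > 0) return { name: segs[i - 1].toLowerCase(), version: segs[i] };
  return { name: file.replace(/(\.min)?\.js$/i, '').toLowerCase(), version: null };
}

// Classify each script URL (in a browser: Array.from(document.scripts, s => s.src)).
function audit(urls) {
  return urls.map((url) => {
    const { name, version } = parseScript(url);
    let status = 'untracked';
    if (REPORTED.has(name)) {
      if (version === null) status = 'unversioned'; // read the file's banner comment
      else status = compareVersions(version, REPORTED.get(name)) <= 0 ? 'flagged' : 'newer';
    }
    return { url, name, version, status };
  });
}
```

A result of 'unversioned' for the bundled jquery.inputmask.min.js matches the thread: the URL carries no version, so the file itself has to be opened to see which release is being served.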
