From 87839792e0aa35318015143470d5c2c6483c0bc8 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 16 Jan 2022 19:19:26 +0800 Subject: [PATCH] Revert "Prevent possible XSS when using jQuery (#18289)" (#18293) This reverts commit 661d3d28e97bb49bef075c0314edad5879148aaa. --- doc/developers/guidelines-frontend.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/doc/developers/guidelines-frontend.md b/doc/developers/guidelines-frontend.md index cbd2ca8a..9fec5bd1 100644 --- a/doc/developers/guidelines-frontend.md +++ b/doc/developers/guidelines-frontend.md @@ -127,8 +127,3 @@ We forbid `dataset` usage, its camel-casing behaviour makes it hard to grep for ### Vue2/Vue3 and JSX Gitea is using Vue2 now, we plan to upgrade to Vue3. We decided not to introduce JSX to keep the HTML and the JavaScript code separated. - -### jQuery's `$(...)` - -jQuery's `$` function has a broad functionality depending on the input. Well, this can be seen as nice, it's also a fallpit for possible XSS attacks when the input is user-controlled. -The usage of the function can be correct in certain situations, but it is discourage and recommended to use a more specific function of jQuery(e.g. `$.find`, `$.parseHTML`).