Fixed jquery-ujs vulnerbility issue

rails · Jun 5, 2024 · 09381a2 · 09381a2
1 parent 83b041b
commit 09381a2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/rails.js b/src/rails.js
@@ -218,9 +218,9 @@
         target = link.attr('target'),
         csrfToken = rails.csrfToken(),
         csrfParam = rails.csrfParam(),
-        form = $('<form method="post" action="' + href + '"></form>'),
+        form = $('<form method="post"></form>'),
         metadataInput = '<input name="_method" value="' + method + '" type="hidden" />';
-
+      form.attr('action', href);
       if (csrfParam !== undefined && csrfToken !== undefined && !rails.isCrossDomain(href)) {
         metadataInput += '<input name="' + csrfParam + '" value="' + csrfToken + '" type="hidden" />';
       }