From 4b9e447db61ccfe33e88bdab1297b1136732d835 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Mon, 4 May 2026 04:25:04 +0800
Subject: [PATCH] jquery-1.10.2__read.js: Ajax: Mitigate possible XSS vulnerability
---
 jquery-1.10.2__read.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/jquery-1.10.2__read.js b/jquery-1.10.2__read.js
index 946cd28..a937d2a 100644
--- a/jquery-1.10.2__read.js
+++ b/jquery-1.10.2__read.js
@@ -10094,6 +10094,10 @@
 // Convert response if prev dataType is non-auto and differs from current
 } else if (prev !== "*" && prev !== current) {
+ // Mitigate possible XSS vulnerability (gh-2432)
+ if ( s.crossDomain && current === "script" ) {
+ continue;
+ }
 // Seek a direct converter
 conv = converters[prev + " " + current] || converters["* " + current];
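Review bot: The added guard `if ( s.crossDomain && current === "script" )` cannot tell a "script" type the caller asked for from one inferred from the response's Content-Type, so it skips the conversion in both cases. Only the inferred case is the XSS risk, where a cross-domain response is executed without the caller having requested a script. When the guard fires, the `continue` leaves the response unconverted without any error visible in this hunk, so an explicit cross-domain `dataType: "script"` request that reaches this converter path would presumably stop evaluating silently. A narrower mitigation is to disable only the sniffing, with an `ajaxPrefilter` that sets `s.contents.script = false` when `s.crossDomain` is true, assuming the content-type matching in this build skips falsy entries. The enclosing conversion loop starts and ends outside the hunk, so the effect of `continue` on `prev` and on the remaining dataTypes should be checked against the full function.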