From 179c6067be3e792bb3bbfa304bf5ae1600b63989 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 11 Dec 2018 21:28:29 +0100
Subject: [PATCH] [security/229] Add ajax prefilter for crossdomain requests

SECURITY-229
---
 phpBB/assets/javascript/core.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js
index 02d7323dfb..5218a8c1be 100644
--- a/phpBB/assets/javascript/core.js
+++ b/phpBB/assets/javascript/core.js
@@ -20,6 +20,13 @@ var phpbbAlertTimer = null;
 phpbb.isTouch = (window && typeof window.ontouchstart !== 'undefined');
+// Add ajax pre-filter to prevent cross-domain script execution
+$.ajaxPrefilter(function(s) {
+ if (s.crossDomain) {
+ s.contents.script = false;
+ }
+});
+
 /**
 * Display a loading screen
 *
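Review bot: The comment above `$.ajaxPrefilter` promises more than the filter delivers. Clearing `s.contents.script` only stops jQuery from inferring the `script` type from a cross-domain response's Content-Type; a request that sets `dataType: 'script'` explicitly, or goes through `$.getScript`, is still evaluated. I would reword the comment to say so, e.g. `// Stop jQuery from auto-executing cross-domain responses served as JavaScript; requests with an explicit 'script' dataType are unaffected`. The filter also only protects pages that load core.js before any request is issued, so a page that ships jQuery without this file would presumably need the same guard, which is worth confirming.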